Community discussions

 
greglangford
just joined
Topic Author
Posts: 1
Joined: Sat Sep 07, 2019 9:52 pm

IPIP Tunnel Only Establishes In One Direction

Sat Sep 07, 2019 9:59 pm

Evening All,

I am now a long time user of Mikrotik and Routerboard products. I have however encounted an issue I can't seem to resolve.

Essentially I am creating a site to site IPsec tunnel between my home and a virtual server, each end of the tunnel is using a /32

Home: 10.200.200.2 (Ipsec)
Virtual Server: 10.200.200.1 (Ipsec)

Home: 10.200.201.2 (IPIP)
Virtual Server: 10.200.201.1 (IPIP)

The IPsec tunnel works perfectly, the Mikrotik initiates the connection and the Virtual server accepts it, ping works in both directions no problem.

My issue is when I try and run IPIP or GRE over this IPsec tunnel, from the Mikrotik if I ping the remote IPIP tunnel end point 10.200.201.1 I get no response. However if I leave the ping running and now go to the Virtual Server and ping 10.200.201.2 the tunnel establishes, I see ping responses on the virtual server and I also see them on the Mikrotik now responding.

The problem seems to be that the IPIP tunnel can not be bought up from the Mikrotik only from the Virtual Server. I have disabled all firewalls on the Virtual Server, I do see occasional IPIP packets arrive using TCP dump on the Virtual Server but it is not until I send traffic from the Virtual Server that the tunnel comes up.

Could any one think what could be causing the issue? Thank you in advance.

Kind Regards,
Greg Langford

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 44 guests