Page 1 of 1

IPIP Tunnel Only Establishes In One Direction

Posted: Sat Sep 07, 2019 9:59 pm
by greglangford
Evening All,

I am now a long time user of Mikrotik and Routerboard products. I have however encounted an issue I can't seem to resolve.

Essentially I am creating a site to site IPsec tunnel between my home and a virtual server, each end of the tunnel is using a /32

Home: 10.200.200.2 (Ipsec)
Virtual Server: 10.200.200.1 (Ipsec)

Home: 10.200.201.2 (IPIP)
Virtual Server: 10.200.201.1 (IPIP)

The IPsec tunnel works perfectly, the Mikrotik initiates the connection and the Virtual server accepts it, ping works in both directions no problem.

My issue is when I try and run IPIP or GRE over this IPsec tunnel, from the Mikrotik if I ping the remote IPIP tunnel end point 10.200.201.1 I get no response. However if I leave the ping running and now go to the Virtual Server and ping 10.200.201.2 the tunnel establishes, I see ping responses on the virtual server and I also see them on the Mikrotik now responding.

The problem seems to be that the IPIP tunnel can not be bought up from the Mikrotik only from the Virtual Server. I have disabled all firewalls on the Virtual Server, I do see occasional IPIP packets arrive using TCP dump on the Virtual Server but it is not until I send traffic from the Virtual Server that the tunnel comes up.

Could any one think what could be causing the issue? Thank you in advance.

Kind Regards,
Greg Langford