I have a MikroTik configured with hotspot. I noticed that it is not possible to create an IPSec/IKEv2 VPN while connected to the hotspot. Is there a way to allow this kind of VPN when connected to the hotspot? Maybe with some firewall/mangle rules to bypass the hotspot setup? I don't care if it bypasses other hotspot features or rules. I just need to be able to do an IPSec VPN when connected to the hotspot.
IPSec/IKEv2 server address: xxx.xxx.xxx.1
Hotspot server external IP: yyy.yyy.yyy.1
Hotspot client network: 10.0.0.0/24
I tried to add some firewall rules to "accept" anything from 10.0.0.0/24 to xxx.xxx.xxx.1 (and anything coming from xxx.xxx.xxx.1 and going to 10.0.0.0/24) but I am not sure where to put those rules to make it work.
In the IPSec server logs, I only get:
ipsec, info : new ike2 SA (R): xxx.xxx.xxx.1-yyy.yyy.yyy.1
And in the client's logs:
sending packet: from 10.0.0.2 to xxx.xxx.xxx.1
giving up after 3 retransmits
establishing IKE_SA failed. Peer not responding
(If I disable the hotspot, establishing an IPSec VPN works fine.)