cohprog

Using IPSec/IKEv2 VPN when connected to RouterOS Hotspot

Mon Jun 22, 2020 4:38 pm

I have a MikroTik configured with hotspot. I noticed that it is not possible to create an IPSec/IKEv2 VPN while connected to the hotspot. Is there a way to allow this kind of VPN when connected to the hotspot? Maybe with some firewall/mangle rules to bypass the hotspot setup? I don't care if it bypasses other hotspot features or rules. I just need to be able to do an IPSec VPN when connected to the hotspot.

For example:
IPSec/IKEv2 server address: xxx.xxx.xxx.1
Hotspot server external IP: yyy.yyy.yyy.1
Hotspot client network: 10.0.0.0/24

I tried to add some firewall rules to "accept" anything from 10.0.0.0/24 to xxx.xxx.xxx.1 (and anything coming from xxx.xxx.xxx.1 and going to 10.0.0.0/24) but I am not sure where to put those rules to make it work.

In the IPSec server logs, I only get:
ipsec, info : new ike2 SA (R): xxx.xxx.xxx.1[500]-yyy.yyy.yyy.1[45836]

And in the client's logs:
sending packet: from 10.0.0.2[47433] to xxx.xxx.xxx.1[4500]
giving up after 3 retransmits
establishing IKE_SA failed. Peer not responding

(If I disable the hotspot, establishing an IPSec VPN works fine)
