Using IPSec/IKEv2 VPN when connected to RouterOS Hotspot

Posted: Mon Jun 22, 2020 4:38 pm
by cohprog
I have a MikroTik configured with hotspot. I noticed that it is not possible to create an IPSec/IKEv2 VPN while connected to the hotspot. Is there a way to allow this kind of VPN when connected to the hotspot? Maybe with some firewall/mangle rules to bypass the hotspot setup? I don't care if it bypasses other hotspot features or rules. I just need to be able to do an IPSec VPN when connected to the hotspot.

For example:
IPSec/IKEv2 server address:
Hotspot server external IP: yyy.yyy.yyy.1
Hotspot client network:

I tried to add some firewall rules to "accept" anything from to (and anything coming from and going to but I am not sure where to put those rules to make it work.

In the IPSec server logs, I only get:
ipsec, info : new ike2 SA (R):[500]-yyy.yyy.yyy.1[45836]

And in the client's logs:
sending packet: from[47433] to[4500]
giving up after 3 retransmits
establishing IKE_SA failed. Peer not responding

(If I disable the hotspot, establishing an IPSec VPN works fine)