Cablenut9
Long time Member
Topic Author
Posts: 542
Joined: Fri Jan 08, 2021 5:30 am

Route traffic through IP tunnel after masquerading

Tue Jul 13, 2021 10:51 pm

I have a problem where I have an IP tunnel to some other router and a NAT setup. When I try to ping 1.1.1.1 from R1, the IP tunnel interface on R2 shows that it is coming from a LAN address. However, this means that I'm encapsulating the traffic BEFORE the NAT masquerade. Is there a way to double this up so that both source addresses get converted to R1's?
 
Cablenut9

Re: Route traffic through IP tunnel after masquerading

Tue Jul 13, 2021 11:47 pm

Is this possible with some route rule hack?
 
Cablenut9

Re: Route traffic through IP tunnel after masquerading

Wed Jul 14, 2021 2:54 am

Here's what I want to do: I need to encapsulate the router's IP two ways, both in the inner IP packet and on the outside IPIP packet so it looks like this:
[Router Address][Dst Router Address](Router Address)(Some Dst Internet Address)(IP Packet Content)[IPIP Trailer]
Could the regular src-nat action function in /ip firewall nat be of any use?
 
Cablenut9

Re: Route traffic through IP tunnel after masquerading

Wed Jul 14, 2021 4:42 am

I fixed it! If I add another rule to use the src-nat rule for all IPIP interfaces in addition to the masquerade rule for my other interfaces, it works great.
/ip firewall nat
add action=src-nat chain=srcnat out-interface-list=IPIP to-addresses=10.0.0.2
add action=masquerade chain=srcnat ipsec-policy=out,none out-interface-list=!LAN
