I was following a guide from here on how to set up an IPsec site-to-site tunnel. Currently it's connected to my local network for testing before deploying.
I am having problems getting internet from the remote site from the local network. So from 192.168.110.0/24 --> Internet unless I enable the masquerade rule I set up in NAT:
Code:
/ip firewall nat
add action=masquerade chain=srcnat dst-address=!192.168.100.0/24 \
out-interface-list=WAN
Code:
[mike6715b@Client MT] > ping 1.1.1.1 src-address=192.168.110.1
SEQ HOST SIZE TTL TIME STATUS
0 1.1.1.1 56 57 11ms
1 1.1.1.1 56 57 11ms
2 1.1.1.1 56 57 11ms
sent=3 received=3 packet-loss=0% min-rtt=11ms avg-rtt=11ms max-rtt=11ms
[mike6715b@Client MT] > ping 1.1.1.1 src-address=192.168.110.1
SEQ HOST SIZE TTL TIME STATUS
0 1.1.1.1 timeout
1 1.1.1.1 timeout
2 1.1.1.1 timeout
sent=3 received=0 packet-loss=100%
[mike6715b@Stragatrans ZG] >
Other than that, the connection works flawlessly and I can ping from remote to local and the other way around.
IP addresses:
Client site LAN: 192.168.110.0/24
VPN tunnel: 10.20.0.0/24
HQ LAN: 192.168.100.0/24
My network: 192.168.20.0/24 (Using this as "Internet" for MikroTiks)
Client export included: