When connecting, the client (Windows 10) does not receive a route.
192.168.10.0/24 network route to which I want to transfer to the client (split-include=192.168.10.0/24)
Mikrotik
Code: Select all
/interface bridge
add name=bridge1
/interface list
add name=Lan
add name=Wan
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
/ip ipsec policy group
add name=ikev2
/ip ipsec profile
add name=ikev2Pr
/ip ipsec peer
add exchange-mode=ike2 name=peerikev2 passive=yes profile=ikev2Pr
/ip ipsec proposal
add name=Ikev2Prop pfs-group=none
/ip pool
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
add name=ipsecpool ranges=10.20.0.100-10.20.0.199
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 name=dhcp1
/ip ipsec mode-config
add address-pool=ipsecpool name=MdIkev2 split-include=192.168.10.0/24 \
system-dns=no
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
/ip neighbor discovery-settings
set discover-interface-list=Lan
/interface list member
add comment=INTERNET interface=ether1 list=Wan
add comment=LOKALKA interface=ether2 list=Lan
add interface=ether3 list=Lan
add interface=ether4 list=Lan
add interface=bridge1 list=Lan
/ip address
add address=192.168.10.1/24 interface=bridge1 network=192.168.10.0
/ip dhcp-client
add disabled=no interface=ether1 use-peer-dns=no
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
/ip dns
set allow-remote-requests=yes servers=8.8.8.8,77.88.8.8
/ip dns static
add address=127.0.0.1 name=vk.com
add address=*.*.*.* name=ipsec.ru
****************************
settings firewall and skip
****************************
/ip ipsec identity
add auth-method=digital-signature certificate=server generate-policy=\
port-strict mode-config=MdIkev2 peer=peerikev2 policy-template-group=ikev2
/ip ipsec policy
add dst-address=10.20.0.0/24 group=ikev2 proposal=Ikev2Prop src-address=\
0.0.0.0/0 template=yes
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Europe/Moscow
/system identity
set name=MikGATE
/tool mac-server
set allowed-interface-list=Lan
/tool mac-server mac-winbox
set allowed-interface-list=Lan
/tool mac-server ping
set enabled=no
