I am trying to link 2 MikroTik routers (RB750Gr3 and RBD52G-5HacD2HnD-TC, both routers run RouterOS 7.7) with IPsec for security, and over the IPsec tunnel I build an IPIP tunnel. When it was all configured it almost works: traffic between the routers over the IPIP tunnel was passed and RIP routes on each side were announced, so everything works:
Our configuration (we use link-local addresses for the IPsec tunnel and for IPIP over the IPsec tunnel):
Code:
169.254.0.2/32 - router01 ipsec tunnel address
169.254.0.1/32 - router02 ipsec tunnel address
169.254.1.10/30 - router01 ipip over ipsec tunnel address
169.254.1.8/30 - router02 ipip over ipsec tunnel address
Both local and remote addresses were provided for the IPIP tunnel; keepalive is off.
Code:
[admin@MikroTik] > ping src-address=169.254.0.2 169.254.0.1
SEQ HOST SIZE TTL TIME STATUS
0 169.254.0.1 56 64 61ms382us
1 169.254.0.1 56 64 63ms641us
2 169.254.0.1 56 64 49ms207us
3 169.254.0.1 56 64 62ms691us
sent=4 received=4 packet-loss=0% min-rtt=49ms207us avg-rtt=59ms230us max-rtt=63ms641us
Code:
Frame 7: 139 bytes on wire (1112 bits), 139 bytes captured (1112 bits) on interface udpdump, id 0
EXPORTED_PDU
TZSP: Ethernet
Ethernet II, Src: 00:00:00_00:00:00 (00:00:00:00:00:00), Dst: 00:00:00_00:00:00 (00:00:00:00:00:00)
Internet Protocol Version 4, Src: 92.101.161.39, Dst: 169.254.0.1
Internet Protocol Version 4, Src: 169.254.1.10, Dst: 169.254.1.8
Internet Control Message Protocol
The first thing we thought of was NAT, but in that case why does a direct ping between the IPsec addresses work? Also, our firewall was set not to track the IPsec addresses in the raw table, so NAT can't be the reason for this strange behaviour.
Now we think that this is a bug in RouterOS 7.7, or we are missing something...
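Added example, not part of the original post: a small Python check that parses an IPv4-in-IPv4 packet and compares its outer addresses with the expected IPsec tunnel endpoints, which is the comparison the capture above invites. It assumes the IPIP tunnel endpoints are 169.254.0.2 (local) and 169.254.0.1 (remote); the sample frame is constructed from the addresses shown in the capture, and the ICMP echo payload is an assumption.

```python
import ipaddress
import struct

IPPROTO_ICMP = 1
IPPROTO_IPIP = 4  # IPv4 encapsulated in IPv4

def ipv4_header(src, dst, proto, payload_len):
    """Build a minimal 20-byte IPv4 header (checksum left at 0, sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                       ipaddress.IPv4Address(src).packed,
                       ipaddress.IPv4Address(dst).packed)

def parse_ipv4(buf):
    """Return (src, dst, proto, payload), honouring the IHL and total-length fields."""
    if len(buf) < 20 or buf[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (buf[0] & 0x0F) * 4
    total_len = struct.unpack("!H", buf[2:4])[0]
    if ihl < 20 or total_len < ihl or total_len > len(buf):
        raise ValueError("inconsistent IPv4 header lengths")
    src = ipaddress.IPv4Address(buf[12:16])
    dst = ipaddress.IPv4Address(buf[16:20])
    return src, dst, buf[9], buf[ihl:total_len]

def check_ipip(packet, tunnel_local, tunnel_remote):
    """Compare the outer addresses of an IPIP packet with the expected endpoints."""
    o_src, o_dst, proto, inner = parse_ipv4(packet)
    if proto != IPPROTO_IPIP:
        return {"ipip": False}
    i_src, i_dst, _, _ = parse_ipv4(inner)
    return {
        "ipip": True,
        "outer": (str(o_src), str(o_dst)),
        "inner": (str(i_src), str(i_dst)),
        "src_ok": o_src == ipaddress.IPv4Address(tunnel_local),
        "dst_ok": o_dst == ipaddress.IPv4Address(tunnel_remote),
    }

def sample_frame():
    """Constructed frame using the outer and inner addresses from the capture above."""
    icmp = bytes([8, 0, 0, 0, 0, 0, 0, 0])  # assumed echo request, checksum not computed
    inner = ipv4_header("169.254.1.10", "169.254.1.8", IPPROTO_ICMP, len(icmp)) + icmp
    return ipv4_header("92.101.161.39", "169.254.0.1", IPPROTO_IPIP, len(inner)) + inner

if __name__ == "__main__":
    # Assumed tunnel endpoints: router01 -> router02 IPsec tunnel addresses.
    print(check_ipip(sample_frame(), "169.254.0.2", "169.254.0.1"))
```

For the constructed frame the outer destination matches the expected remote endpoint, while the outer source is 92.101.161.39 and not 169.254.0.2.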