I found a problem on RouterOS 6 (tile rc11 and 12 tested).
If there is an IPSec connection from xxx.xxx.xxx.166 (customer) to yyy.yyy.yyy.10, the connection will not establish.
[EXTERNAL IPSec Server] yyy.yyy.yyy.10 --- xxx.xxx.xxx.242 [R1] 192.168.1.1 --- 192.168.1.2 [R2] xxx.xxx.xxx.166 (some device pppoe device with ipsec client behind. Not mikrotik)
Torch on PPPoE Interface of R2 to xxx.xxx.xxx.166 shows:
SRC xxx.xxx.xxx.166, DST xxx.xxx.xxx.242, Rx Rate 0 bps, Tx Rate some bps
SRC xxx.xxx.xxx.166, DST yyy.yyy.yyy.10, Rx Rate some bps, Tx Rate 0 bps
If I disable all NAT rules on R1, IPSec immediately starts working and the first line of torch disappears. Therefore, line 2 shows some Tx rate too.
It does not matter which NAT rule is active on R1; every NAT rule triggers the error.
The nat rules are:
/ip firewall nat
add action=masquerade chain=srcnat disabled=yes out-interface=ether6 \
add action=masquerade chain=srcnat disabled=yes out-interface=ether11
add action=masquerade chain=srcnat src-address=192.168.2.0/24
If I also disable the third rule, IPSec works fine. If any of these rules is active, it will not.
The Internet port is ether6 and xxx.xxx.xxx.166 is a member of the list "nomasq".
Is there any solution or could it be my fault?