ners
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

ipsec: failure to add policy

Sat Nov 30, 2013 5:50 pm

Hello, I'm trying to set up IPSec on Mikrotik RouterOS 6.6 but it isn't coming up. What is wrong with my setup? Why can't the client find any policies?

ros code

/ip ipsec mode-cfg
add address-pool=vpn-pool name=home-vpn
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-128
/ip ipsec peer
add auth-method=pre-shared-key-xauth enc-algorithm=aes-128 generate-policy=\
    port-strict mode-cfg=home-vpn nat-traversal=yes passive=yes secret=megasecret send-initial-contact=no
/ip pool
add name=LAN_POOL ranges=192.168.55.65-192.168.55.126
add name=vpn-pool ranges=192.168.55.128/27

30/11/13 16:04:36,727 racoon[456]: >>>>> phase change status = Phase 1 established
30/11/13 16:04:36,727 racoon[456]: IKE Packet: receive success. (MODE-Config).
30/11/13 16:04:36,727 configd[19]: IPSec Network Configuration started.
30/11/13 16:04:36,727 configd[19]: IPSec Network Configuration: INTERNAL-IP4-ADDRESS = 192.168.55.159.
30/11/13 16:04:36,727 configd[19]: IPSec Network Configuration: INTERNAL-IP4-MASK = 255.255.255.0.
30/11/13 16:04:36,727 configd[19]: IPSec Network Configuration: INTERNAL-IP4-DNS = 192.0.2.2.
30/11/13 16:04:36,727 configd[19]: IPSec Network Configuration: INTERNAL-IP4-DNS = 192.0.2.1.
30/11/13 16:04:36,727 configd[19]: Failed to add policy. Number of policies processed 0 (with 0 drained).
30/11/13 16:04:36,727 configd[19]: IPSec Controller: IPSecInstallPolicies failed 'no policies found'

30/11/13 16:04:36,727 configd[19]: IPSec Phase1 established.
30/11/13 16:04:37,142 Console[459]: setPresentationOptions called with NSApplicationPresentationFullScreen when there is no visible fullscreen window; this call will be ignored.
30/11/13 16:04:41,019 xpcproxy[461]: assertion failed: 13A603: xpcproxy + 3438 [EE7817B0-1FA1-3603-B88A-BD5E595DA86F]: 0x2
30/11/13 16:04:49,988 com.apple.usbmuxd[64]: _SendAttachNotification Device bc:3b:af:09:c7:46@fe80::be3b:afff:fe09:c746._apple-mobdev2._tcp.local. has already appeared on interface 4. Suppressing duplicate attach notification.
30/11/13 16:04:53,572 configd[19]: IPSec disconnecting from server 81.x.x.x
30/11/13 16:04:53,572 racoon[456]: IPSec disconnecting from server 81.x.x.x
30/11/13 16:04:53,572 racoon[456]: IKE Packet: transmit success. (Information message).
30/11/13 16:04:53,573 racoon[456]: IKEv1 Information-Notice: transmit success. (Delete ISAKMP-SA).
30/11/13 16:04:53,573 racoon[456]: failed to send vpn_control message: Broken pipe
30/11/13 16:04:53,574 racoon[456]: glob found no matches for path "/var/run/racoon/*.conf"
30/11/13 16:04:53,574 racoon[456]: IPSec disconnecting from server 81.x.x.x
30/11/13 16:04:53,576 configd[19]: network changed.
30/11/13 16:04:53,581 configd[19]: network changed.
 
andriys
Forum Guru
Posts: 1187
Joined: Thu Nov 24, 2011 1:59 pm
Location: Kharkiv, Ukraine

Re: ipsec: failure to add policy

Sun Dec 01, 2013 12:04 am

> Why can't the client find any policies?
Probably because you have not defined any.
Using 'generate-policy' on client side does not make any sense to me.
 
ners
Frequent Visitor
Topic Author
Posts: 99
Joined: Tue Mar 12, 2013 4:30 pm

Re: ipsec: failure to add policy

Sun Dec 01, 2013 7:02 pm

> > Why can't the client find any policies?
> Probably because you have not defined any.
> Using 'generate-policy' on client side does not make any sense to me.

Mikrotik is not the client, it's the concentrator (server).
