trn76
just joined
Topic Author
Posts: 13
Joined: Sat Aug 20, 2011 6:49 pm
Location: Norway
Contact:

IPSec Tunneling - Help needed - part 2 - Static Routes

Thu Mar 20, 2014 8:46 pm

So I am trying to set up an IPSec connection to a third party that is providing secure access to some networks. The network is set up as follows:

Local MikroTik:
WAN IP - 1.1.1.1/24
Local Side of IPSec - 192.168.1.1/24
LAN - 172.16.0.1/24

Remote IPSec Concentrator
WAN IP - 2.2.2.2/24
Remote Side of IPSec - 10.0.0.1/24

I have set up the tunnel policy, peer, proposals, etc. and am able to ping 10.0.0.1/24 through the tunnel.

The question is that this provider also provides access to other networks (10.1.1.0/24, 10.2.2.0/24, etc.) through that gateway. My question is that I am not sure how to actually set up the static routes to route 10.1.1.0/24, etc. to 10.0.0.1/24, since IPSec doesn't actually create an interface.

How can you fix this?... Thoughts?
 
c0d3rSh3ll
Long time Member
Posts: 558
Joined: Mon Jul 25, 2011 9:42 pm
Location: [admin@Chile] >

Re: IPSec Tunneling - Help needed - part 2 - Static Routes

Thu Mar 20, 2014 9:00 pm

Try this:
Add a static route like this
/ip route add dst-address=remote_network gateway=ip_peerIPsec


sent from my mobile phone with tapatalk
nothing
 
efaden
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: IPSec Tunneling - Help needed - part 2 - Static Routes

Thu Mar 20, 2014 9:37 pm

> Try this:
> Add a static route like this
> /ip route add dst-address=remote_network gateway=ip_peerIPsec
>
> sent from my mobile phone with tapatalk

Problem with that is that the route will show as unreachable.

Sent from my SCH-I545 using Tapatalk
 
efaden
Forum Guru
Posts: 1711
Joined: Sat Mar 30, 2013 1:55 am
Location: New York, USA

Re: IPSec Tunneling - Help needed - part 2 - Static Routes

Fri Mar 21, 2014 3:03 am

> > Try this:
> > Add a static route like this
> > /ip route add dst-address=remote_network gateway=ip_peerIPsec
> >
> > sent from my mobile phone with tapatalk
>
> Problem with that is that the route will show as unreachable.
>
> Sent from my SCH-I545 using Tapatalk

After my research I am thinking this isn't actually possible since MikroTik doesn't give you an interface for IPSec connections, thus you cannot route with them. Anyone else shed some light?
 
pischta
just joined
Posts: 8
Joined: Fri May 10, 2013 12:47 pm

Re: IPSec Tunneling - Help needed - part 2 - Static Routes

Fri Mar 21, 2014 10:07 am

I have routing problem through IPsec vpn too. I use tunneling mode. If you use transport mode, this article will be helpful for you:
http://gregsowell.com/wp-content/upload ... k-vpn1.pdf
With ipip tunnel, you get an interface.
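
An added example, not part of the post above or of the linked article: a sketch of the IPIP-over-IPsec approach it mentions, using the thread's WAN addresses and remote networks. The interface name `ipip-provider`, the 192.168.255.0/30 tunnel addressing and the RouterOS 6-era parameter names are assumptions, and it presumes the existing peer and proposal are kept and the provider configures the matching IPIP endpoint.

```routeros
# Constructed example. Assumptions: interface name, tunnel /30 addressing,
# RouterOS 6-era syntax. WAN addresses and 10.x networks are the thread's.

# 1. IPIP tunnel between the two WAN addresses. Unlike a tunnel-mode
#    IPsec policy, this creates an interface that routes can point at.
/interface ipip add name=ipip-provider local-address=1.1.1.1 remote-address=2.2.2.2

# 2. Point-to-point addressing on the tunnel (assumed range; the provider
#    would hold 192.168.255.2/30 on its end).
/ip address add address=192.168.255.1/30 interface=ipip-provider

# 3. Transport-mode IPsec policy that matches only the IPIP packets
#    (IP protocol 4) exchanged between the WAN addresses.
#    level=require drops the traffic when no SA exists, so the tunnel
#    never falls back to sending IPIP in the clear.
/ip ipsec policy add src-address=1.1.1.1/32 dst-address=2.2.2.2/32 \
    protocol=ipencap tunnel=no action=encrypt level=require

# 4. Ordinary static routes for the additional remote networks, with the
#    tunnel interface as gateway, so they no longer show as unreachable.
/ip route add dst-address=10.1.1.0/24 gateway=ipip-provider
/ip route add dst-address=10.2.2.0/24 gateway=ipip-provider

# 5. Check: the policy should be active and SAs installed before the
#    routes are relied on.
/ip ipsec policy print
/ip ipsec installed-sa print
```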
 
trn76
just joined
Topic Author
Posts: 13
Joined: Sat Aug 20, 2011 6:49 pm
Location: Norway
Contact:

Re: IPSec Tunneling - Help needed - part 2 - Static Routes

Fri Mar 21, 2014 11:19 am

All right... Thanks everyone - and especially thanks to efaden for helping me out with this.
It's almost a shame that MikroTik does not support this... and confusing to say the least! :?
I've called the provider and asked for L2TP, IPIP or GRE; they're gonna call me back and hopefully they can provide this.

...But for now, I've given up getting this to work - seems like there is no MT way!
