
 
pischta
just joined
Topic Author
Posts: 8
Joined: Fri May 10, 2013 12:47 pm

ipsec tunnel between two rb450g

Wed May 27, 2015 11:40 am

Hi,

I would like to use a site-to-site VPN tunnel. I set it up and the connection is established, but I cannot ping the remote LAN. I tried both directions. My setup is based on this. Some months ago I used an IPsec tunnel with these routers, but then the Internet connection was not available for months on one site. After that, the network settings were changed. We have another ISP and another (but permanent) IP on both sites. I adjusted the parameters for the new settings, but the VPN didn't work. I decided to reset the routers and configure them from scratch. I used RouterOS v5.27, so I upgraded to v6.28. With the new version and new settings, the tunnel is established, but I cannot ping the remote site. I see on the remote router that the packets match the forward accept rule, but they don't come back (maybe they don't arrive there?).
I tried the ping from client to client, and from router to router (with the router's local IP as source), but without success.
 
lz1dsb
Member Candidate
Posts: 222
Joined: Wed Aug 07, 2013 11:48 am

Re: ipsec tunnel between two rb450g

Wed May 27, 2015 11:59 am

Which address do you ping? Is it an address of the router itself? If you ping an address of the router, you should be checking the Input chain. Forward chain is for packets passing through the router...
 
pischta
just joined
Topic Author
Posts: 8
Joined: Fri May 10, 2013 12:47 pm

Re: ipsec tunnel between two rb450g

Wed May 27, 2015 1:29 pm

Which address do you ping? Is it an address of the router itself? If you ping an address of the router, you should be checking the Input chain. Forward chain is for packets passing through the router...
Yes, I know that when I ping the local address of the router, it appears in the input chain. I pinged that too, but I pinged a client on the second site from a client on the first site also. In this case, I saw the packets matched on the forward chain on the second site...
 
pischta
just joined
Topic Author
Posts: 8
Joined: Fri May 10, 2013 12:47 pm

Re: ipsec tunnel between two rb450g

Fri May 29, 2015 10:35 am

Problem solved.
The error was asymmetric: when I pinged a client in B network from A network, on the router in B I saw the packets on the forward chain. When I pinged a client in A network from B network, I didn't see any packets coming from B network on Router A.
It turned out that the problem was outside of the two routers. In site A, there is another router in front of the Routerboard. I have some access to that router. There are predefined, fixed firewall rules on it, and I can add additional rules. I did it, but it wasn't enough; the router maintainer helped me to set it up correctly.
 
rikinkansara
just joined
Posts: 2
Joined: Sun Sep 23, 2012 3:27 pm

Re: ipsec tunnel between two rb450g

Fri May 29, 2015 7:01 pm

Hi

My VPN IPsec is based on this link https://www.youtube.com/embed/y68Dx8iPikA

I tried it and my tunnel got established, but the only problem is that as soon as the tunnel gets established, I lose both my internet access and local router access.

Please guide me on what firewall rules I need to add to avoid this problem.

Thanks
Rikin
 
rikinkansara
just joined
Posts: 2
Joined: Sun Sep 23, 2012 3:27 pm

Re: ipsec tunnel between two rb450g

Mon Jun 01, 2015 10:41 am

Need Help

Thanks
Rikin
 
pischta
just joined
Topic Author
Posts: 8
Joined: Fri May 10, 2013 12:47 pm

Re: ipsec tunnel between two rb450g

Thu Jun 11, 2015 3:25 pm

Hi Rikin,

Sorry, I didn't visit my topic. If you haven't already solved your problem, please open a new topic for it.
