navarretejuan
just joined
Topic Author
Posts: 3
Joined: Tue Sep 05, 2023 10:11 pm

IPSEC - ping from terminal does not use tunnel

Fri Jan 24, 2025 5:25 pm

I have a mikrotik VPN with IPSEC set up.
Almost everything works fine, the computers on both networks have communication.
However, when pinging from the mikrotik terminal on network 1 to the computers on network 2, the ping does not go out through the tunnel, but rather through the WAN.
But I repeat, the computers on network 1 can ping the computers on network 2.
Any suggestions on how to force it to go out through the tunnel?
It's not L2TP, so there's no interface I could define in ip/routes.
 
baragoon
Member
Posts: 390
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA

Re: IPSEC - ping from terminal does not use tunnel

Fri Jan 24, 2025 5:57 pm

you should wait for someone with the magic crystal ball
 
sindy
Forum Guru
Posts: 11367
Joined: Mon Dec 04, 2017 9:19 pm

Re: IPSEC - ping from terminal does not use tunnel

Sat Jan 25, 2025 10:54 am

To translate @baragoon's comment - you have not provided enough information for any serious analysis.

The following information is necessary:
  1. an export of configuration of both devices - whereas an export does not contain any passwords and passphrases, there is still a lot of information you may not want to publish - like usernames to external services, e-mail addresses, public/global IP addresses, MAC addresses, or serial numbers of the devices. So you need to manually obfuscate this information, but when obfuscating public and global addresses, you have to do that using a text editor where you replace first three bytes of the public addresses and the first three words of the global addresses by some strings like public.subnet.1 in all the files you are going to post, so that the relationship between individual addresses and gateways would remain visible across all the configurations.
  2. the particular ping that takes the wrong path (from what address you ping, to what address you ping).
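
A scripted version of the address obfuscation described in the post above, as an added example that is not part of the original post or of any MikroTik tooling. The names `Obfuscator` and `scrub` and the `global.subnet.N` label are assumptions; the sample exports are constructed, with documentation-range addresses standing in for real public ones. Usernames, e-mail addresses, MAC addresses and serial numbers are not touched and still need manual editing.

```python
import ipaddress
import re

# Left readable: unspecified, RFC 1918, CGNAT, loopback, link-local, multicast/reserved.
KEEP_V4 = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/3")]
GLOBAL_V6 = ipaddress.ip_network("2000::/3")  # IPv6 global unicast
V4_RE = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}(?![\w.])")
V6_RE = re.compile(r"(?<![\w:.])(?:[0-9A-Fa-f]{0,4}:){2,7}[0-9A-Fa-f]{0,4}(?![\w:.])")

# Constructed sample exports; documentation ranges stand in for real public addresses.
SITE1 = ("/ip address add address=198.51.100.17/30 interface=ether1\n"
         "/ip address add address=192.168.1.1/24 interface=bridge\n"
         "/ip ipsec peer add address=203.0.113.5/32 name=site2\n")
SITE2 = ("/ip address add address=203.0.113.5/29 interface=ether1\n"
         "/ipv6 address add address=2001:db8:aaaa:1::1/64 interface=ether1\n"
         "/interface ethernet set ether1 mac-address=AA:BB:CC:DD:EE:FF\n")


class Obfuscator:
    def __init__(self):
        self.labels = {}  # (family, prefix) -> placeholder, shared by all files

    def _label(self, family, prefix):
        n = sum(1 for f, _ in self.labels if f == family) + 1
        return self.labels.setdefault((family, prefix), f"{family}.subnet.{n}")

    def _v4(self, m):
        try:
            addr = ipaddress.IPv4Address(m.group(0))
        except ValueError:
            return m.group(0)  # not a valid address, leave untouched
        if any(addr in net for net in KEEP_V4):
            return m.group(0)
        first3, last = m.group(0).rsplit(".", 1)
        return f"{self._label('public', first3)}.{last}"

    def _v6(self, m):
        try:
            addr = ipaddress.IPv6Address(m.group(0))
        except ValueError:
            return m.group(0)  # MAC addresses and clock times end up here
        if addr not in GLOBAL_V6:
            return m.group(0)
        words = addr.exploded.split(":")
        return ":".join([self._label("global", ":".join(words[:3]))] + words[3:])

    def scrub(self, text):
        return V6_RE.sub(self._v6, V4_RE.sub(self._v4, text))
```

Run every export through the same `Obfuscator` instance, so that an address appearing on both routers gets the same placeholder in both files.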
 
BartoszP
Forum Guru
Posts: 3109
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: IPSEC - ping from terminal does not use tunnel

Sat Jan 25, 2025 3:55 pm

1. You can check in IP/Firewall/Connections what src-addr is used for those ping packets and try to figure out why that particular one is used (lowest/highest/which interface etc)?
2. Try to use /ping x.x.x.x src-address=anyassignedtoyourinterfacesaddress to check which address lets you get behind the tunnel and figure out what to do to "persuade" the router to use the proper one.