5hahryar
just joined
Topic Author
Posts: 1
Joined: Thu Nov 04, 2021 1:52 pm

No internet access when ipsec fails to connect

Thu Nov 04, 2021 2:11 pm

Hey everyone, I'm having some issues with my configuration. I have a hAP lite and I'm using NordVPN over IPsec to tunnel my traffic. The problem is that while the IPsec tunnel is trying to connect, or when it is not connected, my internet connection drops on Wi-Fi (I don't know whether it also drops on LAN devices). The strange thing is that the MikroTik Android app says an internet connection is available on ether1, but even when I ping using the ping tool inside RouterOS, I get timeouts.

This is my config:

# RouterOS configuration export as posted: hAP lite, WAN on ether1, LAN on
# bridge1, all traffic meant to leave through an IKEv2/EAP IPsec tunnel.
# Lines starting with "NOTE(review)" are reviewer remarks, not part of the export.
/interface bridge
add name=bridge1
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n channel-width=20/40mhz-eC \
disabled=no frequency=auto installation=indoor mode=ap-bridge \
ssid=Home wireless-protocol=802.11 wps-mode=disabled
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
# NOTE(review): both profiles accept wpa-psk as well as wpa2-psk. WPA is the
# weaker of the two; restricting authentication-types to wpa2-psk is the safer
# setting unless a legacy client needs WPA. The keys shown ("password", "pass")
# look like redacted placeholders - confirm the real ones are long and unique.
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
mode=dynamic-keys supplicant-identity=MikroTik wpa-pre-shared-key=\
password wpa2-pre-shared-key=password
add authentication-types=wpa-psk,wpa2-psk mode=dynamic-keys name=guestProfile \
supplicant-identity=MikroTik wpa-pre-shared-key=pass \
wpa2-pre-shared-key=pass
/interface wireless
# Virtual AP "Guest" on top of wlan1, using the guestProfile security profile.
add mac-address=C6:AD:34:F1:80:B2 master-interface=wlan1 name=wlan4 \
security-profile=guestProfile ssid=Guest wps-mode=disabled
/ip ipsec mode-config
# responder=no with src-address-list makes RouterOS create a dynamic source-NAT
# rule for addresses in that list once the tunnel is established.
# NOTE(review): no /ip firewall address-list section defining "local" appears in
# this export - confirm the list exists and covers 192.168.88.0/24.
add name=NordVPN responder=no src-address-list=local
/ip ipsec policy group
add name=NordVPN
/ip ipsec profile
add name=NordVPN
/ip ipsec peer
add address=185.169.255.42/32 exchange-mode=ike2 name=NordVPN profile=NordVPN
/ip ipsec proposal
# NOTE(review): pfs-group=none means no PFS group is negotiated for phase 2;
# presumably this follows the provider's setup guide - confirm it is required.
add lifetime=1h name=NordVPN pfs-group=none
/ip pool
add name=dhcp ranges=192.168.88.10-192.168.88.200
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 name=dhcp1
/interface bridge filter
# The "# no interface" lines below come from the export itself. "*7" is an
# internal ID, which RouterOS prints when the referenced interface is gone.
# NOTE(review): these four drop rules look intended to isolate guest traffic
# inside the bridge. Verify the wlan4 rules are actually active; if they are
# not, Guest clients share the bridge1 segment with every other port.
# no interface
add action=drop chain=forward in-interface=*7
# no interface
add action=drop chain=forward out-interface=*7
# no interface
add action=drop chain=forward in-interface=wlan4
# no interface
add action=drop chain=forward out-interface=wlan4
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=wlan1
# NOTE(review): *7 and *A are stale references to interfaces that no longer
# exist (presumably removed virtual APs); these two entries can be cleaned up.
add bridge=bridge1 interface=*7
add bridge=bridge1 interface=*A
add bridge=bridge1 interface=wlan4
/interface detect-internet
set detect-interface-list=all
/interface list member
add interface=ether1 list=WAN
# NOTE(review): the next entry has no interface; it looks like a leftover.
# The LAN list is what the input-chain drop rule below relies on.
add list=LAN
add interface=bridge1 list=LAN
/interface wireless access-list
add ap-tx-limit=10000000 interface=wlan4
add ap-tx-limit=8
/ip address
# NOTE(review): the LAN address is bound to ether2, which is a port of bridge1
# (see /interface bridge port), while the DHCP server runs on bridge1. Layer-3
# addresses belong on the bridge interface, not on one of its ports.
add address=192.168.88.1/24 interface=ether2 network=192.168.88.0
/ip dhcp-client
add disabled=no interface=ether1
/ip dhcp-server lease
add address=192.168.88.166 client-id=1:dc:a6:32:ac:1d:fb mac-address=\
DC:A6:32:AC:1D:FD server=dhcp1
add address=192.168.88.164 client-id=1:dc:a6:32:ac:1d:fa mac-address=\
DC:A6:32:AC:1D:EA server=dhcp1
/ip dhcp-server network
add address=192.168.88.0/24 gateway=192.168.88.1 netmask=24
/ip dns
set servers=1.1.1.1,8.8.8.8
/ip firewall filter
# Input chain only: ICMP, established and related are accepted, then anything
# not arriving from the LAN interface list is dropped.
# NOTE(review): there are no forward-chain rules and no /ip firewall nat section
# in this export. With no masquerade/src-nat rule on ether1, LAN traffic is only
# translated by the dynamic rule that IPsec mode-config creates, so clients lose
# internet whenever the tunnel is down. That is fail-closed behaviour (an
# accidental VPN kill switch). Adding a masquerade rule restores access but lets
# traffic leave unencrypted while the tunnel is down - decide which is wanted.
add action=accept chain=input protocol=icmp
add action=accept chain=input connection-state=established
add action=accept chain=input connection-state=related
add action=drop chain=input in-interface-list=!LAN
/ip ipsec identity
# EAP-MSCHAPv2 identity for the NordVPN peer. The username and password appear
# in clear text in an export; the values here look like placeholders. Always
# scrub real credentials before posting a configuration publicly.
# root.der_0 is presumably the imported provider root CA - confirm.
add auth-method=eap certificate=root.der_0 eap-methods=eap-mschapv2 \
generate-policy=port-strict mode-config=NordVPN password=\
password peer=NordVPN policy-template-group=NordVPN \
username=username
/ip ipsec policy
# action=none exempts traffic to 192.168.0.0/16 from IPsec processing.
add action=none dst-address=192.168.0.0/16 src-address=0.0.0.0/0
# Policy template for group NordVPN (the line break before "template=yes" looks
# like an artefact of the forum paste).
add dst-address=0.0.0.0/0 group=NordVPN proposal=NordVPN src-address=0.0.0.0/0
template=yes
/ip route
# NOTE(review): static default route that names an interface instead of a
# next-hop IP; the DHCP client on ether1 normally installs its own default
# route. Possibly related to the router-originated ping timeouts - confirm.
add distance=1 gateway=ether1
/system clock
/system logging
add topics=ipsec,!packet
/system ntp client
set enabled=yes primary-ntp=129.6.15.28 secondary-ntp=129.6.15.29
/tool graphing interface

Thank you.
