vanikcz
newbie
Topic Author
Posts: 36
Joined: Wed Oct 14, 2015 11:06 pm

RoadWarrior L2TP/IPsec VPN not routing to IPsec site-to-site tunnel

Fri Apr 01, 2022 6:51 pm

Hi there,
I have three routers linked together by IPsec site-to-site vpn.

I'm working with ROS version 7.1.5, but I have the same problem on 6.49.2. EDIT: The information about 6.49.2 was not true, there was another mistake in the configuration, sorry.

Router1 LAN IP 192.168.50.1/24

Router2 LAN IP 192.168.51.1/24

Router3 LAN IP 192.168.52.1/24

Router1 has a tunnel with Router2; policies, routes and firewall rules are created, the link is up, data is flowing, no problem at all.
Router2 has a tunnel with Router3, the same as above, working like a charm.

Router2 also has L2TP/IPsec for road warriors with local address 192.168.60.1 and remote pool 192.168.60.20-192.168.60.60.
L2TP is working well, I can ping 192.168.60.1 from the client, and I can also access anything in Router2's local networks.

The problem is, I can't access any network that is on Router1 or Router3. All routes are created, all policies are established, firewall rules that accept forward traffic from 192.168.50.0/24 -> 192.168.60.0/24 and back, and so on, are created on all routers. These rules' counters are even incrementing, but no data is flowing.

I tried to set up arp-proxy on the WAN interface, and I tried some other rules using an interface list of the L2TP connections as well as an address list of those connections, but I'm having no luck.

Can you point me to something new to try?

Best Regards,
Jan
Last edited by vanikcz on Mon Apr 04, 2022 12:31 am, edited 1 time in total.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: RoadWarrior L2TP/IPsec VPN not routing to IPsec site-to-site tunnel

Fri Apr 01, 2022 8:20 pm

Does it mean that all policies include 192.168.60.x/x? It could help if you posted what exactly you have.
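What "all policies include 192.168.60.x" means in RouterOS terms, as an added illustration that is not from any poster in this thread: on each site-to-site endpoint the road-warrior pool needs its own policy pair, and a srcnat bypass placed ahead of masquerade. Peer names (router1/router2/router3), proposal=default and ROS 7 syntax are assumptions.

```routeros
# Added example, not from the thread. Peer names, proposal and the
# ROS 7 syntax are assumptions; substitute your own.

# --- Router2 (hub: LAN 192.168.51.0/24, RW pool 192.168.60.0/24) ---
/ip ipsec policy
# existing site-to-site policy for the two LANs
add peer=router1 tunnel=yes src-address=192.168.51.0/24 dst-address=192.168.50.0/24 proposal=default
# extra policy: RW pool -> Router1 LAN. Without it no SA selector matches
# 192.168.60.x, so packets are routed out the WAN (and dropped there) even
# though the forward-chain counters increment.
add peer=router1 tunnel=yes src-address=192.168.60.0/24 dst-address=192.168.50.0/24 proposal=default
# same pair of policies towards Router3
add peer=router3 tunnel=yes src-address=192.168.51.0/24 dst-address=192.168.52.0/24 proposal=default
add peer=router3 tunnel=yes src-address=192.168.60.0/24 dst-address=192.168.52.0/24 proposal=default

# srcnat bypass must precede the masquerade rule, otherwise traffic is
# NATed to the WAN address first and no longer matches the policy selector.
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.60.0/24 dst-address=192.168.50.0/24 place-before=0
add chain=srcnat action=accept src-address=192.168.60.0/24 dst-address=192.168.52.0/24 place-before=0

# --- Router1 (LAN 192.168.50.0/24): mirror-image policy; Router3 is analogous ---
/ip ipsec policy
add peer=router2 tunnel=yes src-address=192.168.50.0/24 dst-address=192.168.51.0/24 proposal=default
add peer=router2 tunnel=yes src-address=192.168.50.0/24 dst-address=192.168.60.0/24 proposal=default
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.50.0/24 dst-address=192.168.60.0/24 place-before=0

# Check: each selector pair should show an established SA
/ip ipsec policy print
/ip ipsec installed-sa print
```

If a 192.168.60.0/24 policy shows no SA in `installed-sa print`, the remote side lacks the mirror policy and the SA for that selector was never negotiated.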
 
vanikcz
newbie
Topic Author
Posts: 36
Joined: Wed Oct 14, 2015 11:06 pm

Re: RoadWarrior L2TP/IPsec VPN not routing to IPsec site-to-site tunnel

Mon Apr 04, 2022 12:29 am

Does it mean that all policies include 192.168.60.x/x? It could help if you posted what exactly you have.
Yes, all the policies are created. Now I tried to find some of my customers who use routing from an RW VPN client to another IPsec tunnel, and I found one. It is running 6.49. So I tried to downgrade this new setup to 6.49 and it works well without any change of configuration.

So it looks like it is a problem in the new firmware?

Best Regards,
Jan
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: RoadWarrior L2TP/IPsec VPN not routing to IPsec site-to-site tunnel

Mon Apr 04, 2022 4:31 am

Could be, it's not impossible. But 7.1.5 is out for almost two weeks, so if there was something clearly broken, I'd expect that somebody would have already mentioned something. Maybe you're doing something special that (almost) nobody else is doing, but since you didn't show even a single line of your config, it's hard to provide any useful feedback.
 
sy4
just joined
Posts: 3
Joined: Mon Aug 08, 2022 5:56 am

Re: RoadWarrior L2TP/IPsec VPN not routing to IPsec site-to-site tunnel

Mon Aug 08, 2022 5:58 am

I have a near identical setup with exactly the same issue. Could you elaborate on how you got it working?