I have two networks connected via ipsec vpn with the following setup:
/ip ipsec policy add disabled=yes dst-address=10.39.26.0/24 peer=VPN-peer proposal=VPN-proposal src-address=192.168.88.0/24 tunnel=yes
/ip ipsec proposal add enc-algorithms=aes-256-cbc lifetime=1d name=VPN-proposal pfs-group=modp2048
/ip ipsec peer add address=1.2.3.4 disabled=yes exchange-mode=aggressive name=VPN-peer profile=VPN-profile send-initial-contact=no
/ip ipsec identity add peer=VPN-peer secret=blahblah
/ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 name=VPN-profile
I don't have any non-standard firewall entries or custom routes. I've tried every combination I can, but none worked.
Network 1:
Mikrotik 1 LAN: 192.168.88.0/24
Mikrotik 1 WAN: 5.6.7.8/24
Network 2:
Mikrotik 2 LAN: 10.39.26.0/24
Mikrotik 2 WAN: 1.2.3.4/24
On any client connected to Mikrotik 1 I can ping and access Mikrotik 2 itself and its clients. However, from Mikrotik 1 itself I can't ping Mikrotik 2 or any of its clients unless I specify the src-address in the ping. Now normally this wouldn't be a big deal, but the problem is that on Network 2, connected to Mikrotik 2, I have a DNS server that's being used to look up local machines, and try as I may I can't get Mikrotik 1 to use that DNS server.
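As an added illustration (not part of the original post), here is why the policy quoted above does not cover traffic the router itself originates, and the extra policy pair that is normally added to cover it. The addresses and the names VPN-peer and VPN-proposal are taken from the post; the peer name on the Mikrotik 2 side (VPN-peer-to-site1) and the client address used in the verification ping are assumptions. This is an assumed remedy, not one the thread states.

```routeros
# Added example, not from the original post.
# Packets the router itself originates towards 10.39.26.0/24 leave via the
# default (WAN) route, so their source address is the WAN IP 5.6.7.8, not an
# address in 192.168.88.0/24. The existing policy only selects
# 192.168.88.0/24 -> 10.39.26.0/24, so router-originated packets (a ping
# without src-address, DNS queries from /ip dns) bypass the tunnel and are
# sent in the clear to the WAN, where nothing answers them.

# Mikrotik 1: second policy covering the router's own WAN address
/ip ipsec policy add dst-address=10.39.26.0/24 peer=VPN-peer proposal=VPN-proposal src-address=5.6.7.8/32 tunnel=yes

# Mikrotik 2: the mirror-image policy, or the SA for this selector will not
# negotiate (peer name on this side is assumed)
/ip ipsec policy add dst-address=5.6.7.8/32 peer=VPN-peer-to-site1 proposal=VPN-proposal src-address=10.39.26.0/24 tunnel=yes

# Checks: the policy list shows both selectors, and installed-sa shows an SA
# for each after the first matching packet triggers negotiation
/ip ipsec policy print
/ip ipsec installed-sa print

# Verification: router-originated ping now matches the new policy without a
# src-address override (10.39.26.10 is an assumed client address)
/ping 10.39.26.10
```

With both policies in place, the router's own DNS queries to a server in 10.39.26.0/24 are selected by the 5.6.7.8/32 policy and travel inside the tunnel, so the remote DNS server sees them arrive from the site-1 WAN address rather than from the LAN.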