Hi,
MikroTik v7.5 config:
/ip ipsec mode-config
set [ find default=yes ] src-address-list=local
/ip ipsec peer
add address=82.222.XXX.XXX/32 exchange-mode=ike2 local-address=5.26.XXX.XXX name=test
/ip ipsec profile
set [ find default=yes ] dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=8h name=ike_crypto nat-traversal=no
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc lifetime=1h pfs-group=modp2048
/ip ipsec identity
add peer=test
/ip ipsec policy
add dst-address=192.168.100.0/23 level=unique peer=test src-address=10.10.5.0/24 tunnel=yes
/interface gre
add allow-fast-path=no clamp-tcp-mss=no local-address=10.10.5.1 mtu=1400 name=gre remote-address=192.168.101.1
/ip firewall mangle
add action=route chain=prerouting passthrough=yes route-dst=10.0.0.1 src-address=10.10.5.0/24
/ip address/print
#  ADDRESS            NETWORK        INTERFACE
0  10.10.5.1/24       10.10.5.0      Bridge
1  10.0.0.2/30        10.0.0.0       gre
2  5.26.XXX.XXX/28    5.26.XXX.XXX   WA
/ip route print
#     DST-ADDRESS         GATEWAY         DISTANCE
0 Xs  0.0.0.0/0           10.0.0.1        1
1 As  0.0.0.0/0           5.26.XXX.XXX    1
  DAc 5.26.XXX.XXX/28     WAN             0
  DAc 10.0.0.0/30         gre             0
  DAc 10.10.5.0/24        Bridge          0
Other routing method tried:
/ip firewall/mangle/print
chain=prerouting action=mark-routing new-routing-mark=route_vpn passthrough=yes src-address=10.10.5.0/24 log=no log-prefix=""
/ip route
add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=10.0.0.1 pref-src="" routing-table=route_vpn scope=30 suppress-hw-offload=no target-scope=10
This is the Palo Alto log. The actual real source is 10.10.5.200.
The source address is 10.0.0.2 in all logs.
Thanks.
My IPsec and GRE are working; traffic is routed via GRE. But all traffic to the Palo Alto comes from 10.0.0.2 (the MikroTik GRE address, 10.0.0.2/30). How can I fix it? I need to see the clients' LAN IP addresses.