servaris
Frequent Visitor
Topic Author
Posts: 67
Joined: Tue May 20, 2014 4:30 pm
Location: Planet Earth

How to use IP Pools for RoadWarrior IKEv2 connections?

Sun Jan 29, 2023 5:58 pm

Hi,
I have a working RoadWarrior IKEv2 configuration. Only one issue: how to get IP Pool IP addresses used, like the clients received for L2TP/IPsec VPN?
There are 3 groups, each group has their own IP Pool. What has to be changed/added so that when a client connects to the MikroTik router with IKEv2 they get one of the public IP addresses from their IP Pool?

Thanks.
 
RiFF
newbie
Posts: 34
Joined: Sun Apr 29, 2018 9:35 pm

Re: How to use IP Pools for RoadWarrior IKEv2 connections?

Sun Jan 29, 2023 11:03 pm

It's possible, but with a RADIUS server (you have to use the Framed-Pool attribute). Look at the second part of this presentation - (BONUS ;)) - https://mbum.pl/archive/mbum5/Profilowa ... %20VPN.pdf (Polish language)
 
servaris

Re: How to use IP Pools for RoadWarrior IKEv2 connections?

Tue Jan 31, 2023 2:39 pm

Hi,
With an IKEv2 connection, the IP address one has from their router or ISP is NOT masqueraded like it is with L2TP/IPsec. Even though I am given an IP address from the attribute | ip-pool name, entering 'my ip' into a search engine produces the IP address given by the local ISP, which to me is absolutely useless. Conversely, with L2TP/IPsec, doing the same search clearly hides my originating IP address.

How to accomplish the 'masquerading' of my IP address and only show the IP address received from the IP Pool with IKEv2?

Because IKEv2 doesn't masquerade my IP address with the IP address from the IP Pool, I cannot get to any site behind the MikroTik router because the sites ONLY allow connections from the IP addresses from the IP Pool.
 
RiFF

Re: How to use IP Pools for RoadWarrior IKEv2 connections?

Tue Jan 31, 2023 5:03 pm

Quick advice: check what you have in the split-include field (Mode Configs tab - https://help.mikrotik.com/docs/display/ ... odeconfigs). You should have 0.0.0.0/0 to push all traffic from the client to the tunnel.
Additional advice - always disable IPv6 on the network interface to avoid leaking traffic using this protocol (it takes precedence over IPv4)
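
The two pieces of advice above, modelled as an added example that is not part of the original posts: it lists which destinations bypass the tunnel for a given split-include value. It assumes the client sends into the tunnel only destinations covered by a pushed prefix; the function names and sample addresses are constructed for illustration.

```python
import ipaddress


def tunnelled(split_include, destination):
    """Return True if `destination` is covered by a split-include prefix.

    Assumption: the client routes into the tunnel only what the pushed
    prefixes cover; everything else leaves via its local ISP gateway.
    """
    dst = ipaddress.ip_address(destination)
    for prefix in split_include:
        net = ipaddress.ip_network(prefix, strict=False)
        # An IPv4 prefix can never cover an IPv6 destination.
        if net.version == dst.version and dst in net:
            return True
    return False


def bypassing(split_include, destinations):
    """Destinations that would leave the client outside the tunnel."""
    return [d for d in destinations if not tunnelled(split_include, d)]


# Constructed sample destinations (private and documentation ranges):
# an internal host, a public IPv4 site, a public IPv6 site.
DESTINATIONS = ["10.1.2.3", "203.0.113.10", "2001:db8::10"]

if __name__ == "__main__":
    cases = [
        ("LAN-only split-include", ["10.0.0.0/8"]),
        ("split-include 0.0.0.0/0", ["0.0.0.0/0"]),
    ]
    for label, prefixes in cases:
        print(f"{label:24} bypass tunnel: {bypassing(prefixes, DESTINATIONS)}")
```

With 0.0.0.0/0 every IPv4 destination is tunnelled, but the IPv6 destination still bypasses the tunnel, which is the leak the IPv6 advice addresses.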
