Hi Guys,
I have created a l2tp/ipsec tunnel from a windows 10 client (using native windows client).
It works fine except that what I would like is that only the trafic destined for the remote networks pases over the tunnel.
At his point all trafic is routed to the remote MT.
Can someone point out where my problem is please... Thanks
here is my config:
/ip ipsec proposal
set [ find default=yes ] enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des
add enc-algorithms=aes-256-cbc,aes-192-cbc,aes-128-cbc,3des name=proposal1
/ip pool
add name=default-dhcp ranges=192.168.88.105-192.168.88.200
/ip dhcp-server
add address-pool=default-dhcp disabled=no interface=bridge name=Default
/interface l2tp-server server
set enabled=yes ipsec-secret=X.X.X use-ipsec=yes
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
/ip address
add address=192.168.88.1/24 comment=defconf interface=bridge network=192.168.88.0
add address=X.X.X.186/29 interface=ether1 network=X.X.X.184
/ip firewall filter
add action=accept chain=input dst-port=4500 protocol=udp
add action=accept chain=input dst-port=1701 protocol=udp
add action=accept chain=input dst-port=500 protocol=udp
add action=accept chain=input dst-port=8291 protocol=tcp
add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=drop chain=input comment="defconf: drop all not coming from LAN" in-interface-list=!LAN
add action=accept chain=forward comment="defconf: accept in ipsec policy" ipsec-policy=in,ipsec
add action=accept chain=forward comment="defconf: accept out ipsec policy" ipsec-policy=out,ipsec
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related
add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
add action=drop chain=forward comment="defconf: drop invalid" connection-state=invalid
add action=drop chain=forward comment= "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" ipsec-policy=out,none out-interface-list=WAN
/ip route
add distance=1 gateway=X.X.X.185
/ppp secret
add local-address=192.168.188.1 name=YYYYY password=X.X.X remote-address=192.168.188.46 service=l2tp
add local-address=192.168.188.1 name=XXXXX password=X.X.X remote-address=192.168.188.47 service=l2tp