When the site's profile is manually disabled, users can connect to the VPN. When both profiles are active, the users cannot connect, and in the logs I am getting the error
"identity not found for peer: FQDN: User1"
In IP > IPSec > Peers, the following is written over the user's profile:
"This entry is unreachable"
# RouterOS IPsec export: two IKEv2 responder setups on one router, "UsersVPN"
# (EAP-RADIUS clients) and "SitesVPN", each with its own policy group, profile,
# peer, proposal, address pool, mode-config, identity and policy template.
# An export normally omits values left at their defaults and hides secrets, so
# anything not listed below should be checked on the router itself.

# One policy group per setup, so generated policies are only built from the
# template that belongs to the matching identity.
/ip ipsec policy group
add name=UsersVPNPolicy
add name=SitesVPNPolicy
# Phase 1 (IKE SA) parameters. The two profiles are identical.
# NOTE(review): 3des is still offered; it is a legacy cipher and can be dropped
# if every client supports AES. hash-algorithm is not listed, so the default
# applies - confirm it is not sha1 and prefer sha256 or stronger.
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256,aes-128,3des name=UsersVPN
add dh-group=modp2048 enc-algorithm=aes-256,aes-128,3des name=SitesVPN
# Both peers are passive IKEv2 responders with no address or local-address
# shown, so nothing visible here distinguishes them for an incoming connection.
# RouterOS marks the second one unreachable (comment below); incoming
# negotiations then presumably land on SitesVPN, whose identity does not match
# the user - consistent with the "identity not found for peer" log line.
# NOTE(review): likely remedies are a single peer referenced by both identities,
# or a distinct address/local-address per peer - verify against the RouterOS
# version in use.
/ip ipsec peer
add exchange-mode=ike2 name=SitesVPN passive=yes profile=SitesVPN send-initial-contact=no
# This entry is unreachable
add exchange-mode=ike2 name=UsersVPN passive=yes profile=UsersVPN send-initial-contact=no
# Phase 2 (child SA) parameters.
# NOTE(review): pfs-group=none means child SAs are negotiated without their own
# DH exchange; set a pfs-group if the clients support it. auth-algorithms is not
# listed, so the default applies - confirm it is acceptable.
/ip ipsec proposal
add enc-algorithms=aes-256-cbc,aes-128-cbc name=UsersVPN pfs-group=none
add enc-algorithms=aes-256-cbc,aes-128-cbc name=SitesVPN pfs-group=none
# Separate address ranges for users and sites, handed out through mode-config.
/ip pool
add name=UsersVPNPool ranges=10.0.1.20-10.0.1.254
add name=SitesVPNPool ranges=10.0.2.20-10.0.2.254
/ip ipsec mode-config
add address-pool=UsersVPNPool name=UsersVPNConfiguration
add address-pool=SitesVPNPool name=SitesVPNConfiguration
# Identities bind an authentication method, mode-config and policy group to a peer.
# The user identity authenticates clients via EAP passed to RADIUS and presents
# the certificate named "Certificate".
# NOTE(review): the site identity shows no auth-method, so the default applies -
# presumably pre-shared-key with the secret hidden by the export; confirm. No
# remote-id is shown either, so check what actually restricts which remote side
# may match this identity; a unique strong secret per site or certificate
# authentication narrows that.
/ip ipsec identity
add auth-method=eap-radius certificate=Certificate generate-policy=port-strict mode-config=UsersVPNConfiguration peer=UsersVPN policy-template-group=UsersVPNPolicy
add generate-policy=port-strict mode-config=SitesVPNConfiguration peer=SitesVPN policy-template-group=SitesVPNPolicy
# Policy templates used by generate-policy: generated policies are limited to
# destinations inside the /24 that contains the matching pool, from any source.
/ip ipsec policy
add dst-address=10.0.1.0/24 group=UsersVPNPolicy proposal=UsersVPN src-address=0.0.0.0/0 template=yes
add dst-address=10.0.2.0/24 group=SitesVPNPolicy proposal=SitesVPN src-address=0.0.0.0/0 template=yes