Community discussions

MikroTik App
 
herbata
just joined
Topic Author
Posts: 1
Joined: Thu Dec 01, 2022 3:21 pm

IPSEC virtual ip prefix length

Thu Dec 01, 2022 3:44 pm

Hi all.
Mikrotik with ROS 7.6 acts as initiator. And strongswan is responder.
On strongswan side peer configured like this:
conn branch.test
        keyexchange=ikev2
        left=xx.xx.xx.xx
        rightid="branch.test"
        rightsourceip=10.30.5.20
        type=transport
        auto=add
Therefore, I expect Mikrotik to take the ip 10.30.5.20. And that's what he does, but with /24 prefix length. I mean 10.30.5.20/24.
When I set up the same connection on a PC, it gets the address 10.30.5.20/32. This is the behavior I want to get.
The question is why Mikrotik uses mask /24 instead of /32 and how can i change that? Because everything works fine, but the /24 netmask breaks the routing a bit.

Who is online

Users browsing this forum: DeltaCreek, Fasder, korg, ptoump, TeWe and 85 guests