cbka
just joined
Topic Author
Posts: 19
Joined: Fri Dec 15, 2017 12:07 pm
Location: germany

IPsec road warrior tunnel all traffic

Mon Mar 13, 2023 1:25 am

Hi folks,

I am trying to set up an IKEv2 road warrior scenario where all traffic from the client should be routed through the IPsec GW.
My problem is that the "no Track Chain=prerouting" disables masquerading for the clients and so no traffic is passing...

Any quick advice on how to accomplish that all traffic from the client is routed through the CHR, which is my IPsec server, and gets masqueraded to the public IP of the CHR?

With split tunneling everything works fine except for traffic on the LAN interface of the CHR, but routed subnets with distances >0 are working just fine..

Also the firewall filter forward chain is matching policies... I don't get this no track stuff...

Cheers,

Chris
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: IPsec road warrior tunnel all traffic

Mon Mar 13, 2023 2:19 am

If you want to use fireguard.........oops wireguard LOL, it takes 10 minutes max to set up. Not familiar with IPsec, and it's best suited for an enterprise environment anyway.
 
cbka
just joined
Topic Author
Posts: 19
Joined: Fri Dec 15, 2017 12:07 pm
Location: germany

Re: IPsec road warrior tunnel all traffic

Mon Mar 13, 2023 11:06 am

> If you want to use fireguard.........oops wireguard LOL, it takes 10 minutes max to set up. Not familiar with IPsec, and it's best suited for an enterprise environment anyway.

Hi there, unfortunately this is no option as the IPsec config is used for alwaysOn VPN.
 
pe1chl
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: IPsec road warrior tunnel all traffic

Mon Mar 13, 2023 11:51 am

Why do you have the "no Track Chain=prerouting"?
That seems to be the source of your problems...
 
anav
Forum Guru
Posts: 19106
Joined: Sun Feb 18, 2018 11:28 pm
Location: Nova Scotia, Canada

Re: IPsec road warrior tunnel all traffic

Mon Mar 13, 2023 1:10 pm

Always on? ... That is why there is a persistent keepalive setting on the WireGuard client side... Assuming the client device (router) is always on, the tunnel is always up.
 
cbka
just joined
Topic Author
Posts: 19
Joined: Fri Dec 15, 2017 12:07 pm
Location: germany

Re: IPsec road warrior tunnel all traffic

Mon Mar 20, 2023 10:25 pm

> Why do you have the "no Track Chain=prerouting"?
> That seems to be the source of your problems...

What would be the alternative to this?
Sorry for the delayed answer.
