Community discussions

MikroTik App
  4. RouterOS
  5. General

IPSec transport mode (block unencrypted traffic)

Post Reply
 
grg
newbie
Topic Author
Posts: 44
Joined: Fri Aug 20, 2010 9:51 am
Location: Latvia

IPSec transport mode (block unencrypted traffic)

Tue Mar 29, 2011 8:32 pm

Is there a way to set up firewall rules, that would only allow connection if it's encrypted? I'm asking this because to be able to use IPSec/L2TP I have to allow L2TP (UDP 1701) port for incoming connections on public interface. However there is no way I can make sure that L2TP connection is actually encrypted by IPSec. There was similar problem addressed in 2009 and it seems that no solution was provided: http://forum.mikrotik.com/viewtopic.php?f=2&t=30189

Any advice is highly appreciated.

Thanks.

grg
Top
 
jtroybailey
Member Candidate
Member Candidate
Posts: 176
Joined: Thu Oct 07, 2010 10:24 am
Location: Brisbane, Australia

Re: IPSec transport mode (block unencrypted traffic)

Wed Mar 30, 2011 12:31 am

this *should* do it:
Code: Select all
add action=encrypt disabled=no dst-address=1.1.1.1/32 dst-port=any \
    ipsec-protocols=esp level=require priority=0 proposal=default protocol=all \
    sa-dst-address=1.1.1.1 sa-src-address=2.2.2.2 src-address=\
    2.2.2.2/32 src-port=any tunnel=no
Top
Post Reply
  4. RouterOS
  5. General