Community discussions

MikroTik App
  4. RouterOS
  5. General

ROS v7 - EoIP Ipsec

Post Reply
 
savage
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:
Contact savage

ROS v7 - EoIP Ipsec

Wed Feb 07, 2024 5:21 pm

Hi,

Is it just me, or is ipsec on eoip tunnels also not working / implemented?

thnx
Top
 
Limer
just joined
Posts: 24
Joined: Tue Dec 06, 2011 1:41 pm
Location: Ruda Slaska / Poland
Contact:
Contact Limer

Re: ROS v7 - EoIP Ipsec

Thu Feb 08, 2024 10:44 am

It works. I set up such tunnels. What configuration do you have?
Top
 
savage
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:
Contact savage

Re: ROS v7 - EoIP Ipsec

Thu Feb 08, 2024 10:53 am

It works. I set up such tunnels. What configuration do you have?
7.13.3? I know it works adding the ipsec key to the EoIP configuration, but no ipsec phase 1 / phase 2 is configured in /ip/ipsec?

Packet dumps also indicate gre traffic, and not ipsec traffic.
Code: Select all
[admin@MikroTik] > /interface/eoip/print  
Flags: X - disabled; R - running 
 0  R name="test" mtu=1500 actual-mtu=1500 l2mtu=65535 mac-address=02:10:8D:42:BD:B6 arp=enabled arp-timeout=auto 
      loop-protect=default loop-protect-status=off loop-protect-send-interval=5s loop-protect-disable-time=5m local-address=x 
      remote-address=y tunnel-id=10 keepalive=10s,10 dscp=inherit clamp-tcp-mss=yes dont-fragment=no ipsec-secret="x"
      allow-fast-path=no 
[admin@MikroTik] > /ip/ipsec/installed-sa/print 

[admin@MikroTik] > /ip/ipsec/peer/print         
Flags: X - disabled; D - dynamic; R - responder
Top
 
Limer
just joined
Posts: 24
Joined: Tue Dec 06, 2011 1:41 pm
Location: Ruda Slaska / Poland
Contact:
Contact Limer

Re: ROS v7 - EoIP Ipsec

Thu Feb 08, 2024 11:02 am

My ROS 7.13.2

You have configured tunnels on both sides ?
Top
 
savage
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:
Contact savage

Re: ROS v7 - EoIP Ipsec

Thu Feb 08, 2024 11:04 am

You have configured tunnels on both sides ?
Of course. The tunnel is in a Running state.

Hmpf. Will look at it some more then. Maybe I am missing something.
Top
 
Limer
just joined
Posts: 24
Joined: Tue Dec 06, 2011 1:41 pm
Location: Ruda Slaska / Poland
Contact:
Contact Limer

Re: ROS v7 - EoIP Ipsec

Thu Feb 08, 2024 11:11 am

Local and Remote address is public or private ?
Top
 
savage
Forum Guru
Forum Guru
Topic Author
Posts: 1280
Joined: Mon Oct 18, 2004 12:07 am
Location: Cape Town, South Africa
Contact:
Contact savage

Re: ROS v7 - EoIP Ipsec

Thu Feb 08, 2024 11:16 am

Public

Tunnel ran fine with ROSv6 ipsec enabled. Tunnel runs fine on ROSv7 too, the ipsec is just not configured and visible in /ip/ipsec, and traffic on the tunnel is unencrypted, even though ipsec is enabled on the EoIP configuration. Seems to me that ROSv7 is ignoring the ipsec secret configuration.
Top
 
Limer
just joined
Posts: 24
Joined: Tue Dec 06, 2011 1:41 pm
Location: Ruda Slaska / Poland
Contact:
Contact Limer

Re: ROS v7 - EoIP Ipsec

Thu Feb 08, 2024 11:48 am

Maybe in log debug for IPSec you will see something ?
Top
Post Reply
  4. RouterOS
  5. General