I have two sites which are connected via a L2TP/IPSEC VPN. Everything works fine, the connection, the routing, etc..
I wanted to try WIreguard to connect both Mikrotik ROuters and it was not working until I disabled the L2TP/IPSEC. Once I disable the Lt2p/IPSEC VPN , the wireguard work correctly and traffic can flow through that interface.
Why are they not compatible?
Re: Wireguard and L2tp/IPSEC Incompatibility
They are, you can have both these tunnels in parallel, but you have to take some measures. The IPsec policy used to transport the L2TP packets must selectively match on UDP port 1701, which is the case if you let RouterOS create it for you but may not be the case if you have configured the IPsec part manually, so you may end up with "Wireguard over IPsec". And you have to use proper routing of the payload so that you can control which payload uses which tunnel if both are active.Why are they not compatible?
Without seeing the export of configurations of both devices, nothing more exact can be said.
Re: Wireguard and L2tp/IPSEC Incompatibility
Thanks for the prompt response. How do I configure IPSEC Policy to use Port 1701 for L2TP packets?
Re: Wireguard and L2tp/IPSEC Incompatibility
ip ipsec policy/
src-port=1701
dst-port=1701
protocol=udp
Make sure is in transport mode
src-port=1701
dst-port=1701
protocol=udp
Make sure is in transport mode
Re: Wireguard and L2tp/IPSEC Incompatibility
Thanks, it works. I have both tunnels working!!