bejcd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Oct 27, 2005 7:26 pm

IPsec over PPPoE ...

Fri Feb 24, 2006 5:01 am

Hi,

Please assume the following scenario:

[web server] <--> [ eth1 Mktk-2.9.13 eth0(pppoe-out1)] <== internet ==> [ eth0(fiber) Mktk-2.9.13 eth1 ] <--> LAN

I have configured IPsec according to the documentation (http://www.mikrotik.com/docs/ros/2.9/ip/ipsec - "IPsec Between two Masquerading MikroTik Routers") with the following problem:

I got a tunnel between Mikrotik routers and I was able to ping my 'web-server' from my LAN location (laptop with configured local IP). I could also access my 'web-server' by a web-browser.

The problem is ping from the Mktk DSL router - I wasn't able to ping and access my LAN from my 'web-server' location through the DSL connection!

I have tried to change MTU size and Mangle-Forward firewall rules to solve the problem but without results.
However, the only possible way to ping my LAN from my Mktk DSL router was a command prompt ping:
/ping xxx.yyy.zzz src-address=111.222.333 (xxx.yyy.zzz is a local IP address in my LAN and 111.222.333 is a local IP address of my Mktk DSL router - eth1)

Does anybody know which configuration or setup needs to be applied on the DSL Mkt router to get normal communication with the other IPsec peer and local network (additional routing or ...)?

Thank you.
D.
 
mag
Member
Posts: 376
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Fri Feb 24, 2006 9:50 am

perhaps this one could help you: http://forum.mikrotik.com//viewtopic.php?t=6102
 
bejcd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Oct 27, 2005 7:26 pm

IPsec over PPPoE ...

Tue Feb 28, 2006 5:31 pm

I have tried using transport + tunnel scenario but without positive results.

I have also tried to install and test 2.9.14 but have got the same result.
Even worse, I tried testing an IPsec VPN between 2 Mkt routers through a local router (testing env.) and experienced similar problems to those in the PPPoE scenario.

In comparison with other IPsec software (FreeSWan or Racoon implementations) I got positive results and such systems are working well.

Maybe I am doing something wrong during the configuration process.

Thank you for your answer and help so far.
D.
 
mag
Member
Posts: 376
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Re: IPsec over PPPoE ...

Tue Feb 28, 2006 6:04 pm

Static public IP-addresses on both sides? If yes, then everything should be working nicely.

I now have a few important and reliable IPSec links up and running with MT-routers. It's quite easy after the first one ;-)

The only thing I can't get to work yet is with dynamic IP-addresses (using PPTP as a workaround).

Maybe posting log-files could help.
 
bejcd
Frequent Visitor
Topic Author
Posts: 56
Joined: Thu Oct 27, 2005 7:26 pm

Tue Feb 28, 2006 10:16 pm

It works ... I replaced "masquerade" action with "srcnat" ... after that everything was easy ...

Anyway, thank you for your help ... I appreciate it.

D.
 
mag
Member
Posts: 376
Joined: Thu Jul 01, 2004 12:32 pm
Location: Cologne, NRW, Germany

Wed Mar 01, 2006 12:45 pm

Look at the IPSec examples, you should have a firewall-nat-rule with action=accept before the masquerading-rule. Maybe this was the problem...
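
The rule ordering suggested in the last reply, as an added example that is not part of the original thread: a small Python model of a first-match srcnat chain followed by the IPsec policy check, plus an audit that flags a NAT rule placed ahead of the accept rule. The addresses and helper names are constructed, and the model assumes source NAT is applied before the packet is compared with the IPsec policy.

```python
import ipaddress

# Constructed addresses for illustration; none of them come from the thread.
LOCAL_LAN = ipaddress.ip_network("10.1.0.0/24")
REMOTE_LAN = ipaddress.ip_network("10.2.0.0/24")
PUBLIC_IP = ipaddress.ip_address("203.0.113.10")  # stands in for the pppoe-out1 address
POLICY = (LOCAL_LAN, REMOTE_LAN)  # IPsec policy selector: (src net, dst net)

ANY = ipaddress.ip_network("0.0.0.0/0")
ACCEPT = {"src": LOCAL_LAN, "dst": REMOTE_LAN, "action": "accept"}
MASQUERADE = {"src": ANY, "dst": ANY, "action": "masquerade"}


def srcnat(rules, src, dst):
    """Walk the srcnat chain top-down; the first matching rule decides."""
    for rule in rules:
        if src in rule["src"] and dst in rule["dst"]:
            # accept leaves the source untouched, masquerade rewrites it
            return PUBLIC_IP if rule["action"] == "masquerade" else src
    return src


def is_tunneled(rules, src, dst):
    """True if the packet still matches the IPsec policy after srcnat."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return srcnat(rules, src, dst) in POLICY[0] and dst in POLICY[1]


def audit(rules):
    """Indexes of rules that rewrite policy traffic before an accept covers it."""
    flagged = []
    for i, rule in enumerate(rules):
        if rule["action"] == "accept":
            if POLICY[0].subnet_of(rule["src"]) and POLICY[1].subnet_of(rule["dst"]):
                break  # policy traffic is exempt from every rule below this one
        elif rule["src"].overlaps(POLICY[0]) and rule["dst"].overlaps(POLICY[1]):
            flagged.append(i)
    return flagged


if __name__ == "__main__":
    chains = {"masquerade only": [MASQUERADE],
              "accept first": [ACCEPT, MASQUERADE],
              "accept last": [MASQUERADE, ACCEPT]}
    for name, chain in chains.items():
        print(name, is_tunneled(chain, "10.1.0.5", "10.2.0.7"), audit(chain))
```
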