brunomorais
just joined
Topic Author
Posts: 3
Joined: Sat Jan 08, 2011 5:52 pm

IPSec Tunnel - Can't ping remote network from one side

Sat Jan 08, 2011 7:00 pm

Hi,
I've configured an IPSec tunnel between 2 sites with MikroTik and Linux OpenSwan 2.6.

The network diagram is this:

(LAN) 192.168.15.0/24 ----- 192.168.15.254 (MikroTik) xxx.xxx.xxx.xxx ================= yyy.yyy.yyy.yyy (OpenSWan 2.6) 192.168.2.254 ------ 192.168.2.0/24

The tunnel is working well, and from network 192.168.2.0/24 I can ping the MikroTik remote private IP address 192.168.2.254. So the tunnel is working well.

But if I try to ping from any host on network 192.168.2.0/24 to any remote host on LAN 192.168.15.0/24 (e.g. 192.168.2.1 -> 192.168.15.1), I can't reach it. I also can't ping from any host on LAN 192.168.15.0/24 to remote hosts on LAN 192.168.2.0/24.
The only way to ping it is to add a static route rule on the remote PC (192.168.15.1) to route traffic for network 192.168.2.0/24 to the gateway 192.168.15.254.
After adding this rule I'm able to ping the remote host (e.g. 192.168.2.1 -> 192.168.15.1). I'm also able to ping from this host to any remote host on LAN 192.168.2.0/24 (e.g. 192.168.15.1 -> 192.168.2.1).

I believe I need to add a routing rule in MikroTik, but I can't find where.
I tried to add it:

ip route add dst-address=192.168.2.0/24 gateway=ether2 pref-src=192.168.15.254
But it didn't work.
I also tried:

ip route add dst-address=192.168.2.0/24 gateway=192.168.15.254
But it says the gateway is unreachable.

I don't want to add a static rule on all hosts in the remote LAN 192.168.15.0/24 to be able to route the traffic for network 192.168.2.0/24; it should be done somewhere in MikroTik.

Can anyone help?

Thanks in advance.
 
BlackRat
Frequent Visitor
Posts: 97
Joined: Sat Jul 21, 2012 8:37 am

Re: IPSec Tunnel - Can't ping remote network from one side

Mon Dec 10, 2012 1:28 pm

The same problem.
My config is:
192.168.8.0/24--192.168.8.254(mikrotikA)xxx.xxx.xxx.150--xxx.xxx.xxx.129==yyy.yyy.yyy.1--yyy.yyy.yyy.146(mikrotikB)192.168.4.254--192.168.4.0/24

Trying to ping from 192.168.4.10 to 192.168.8.10: success
Trying to ping from 192.168.8.10 to 192.168.4.10: unsuccessful... xxx.xxx.xxx.129 says that the network is unreachable (that means the packet is not encrypted!)

I think there is a problem with 192.168.8's MikroTik, but I can't find the error...

Any suggestions?
 
BlackRat
Frequent Visitor
Posts: 97
Joined: Sat Jul 21, 2012 8:37 am

Re: IPSec Tunnel - Can't ping remote network from one side

Mon Jul 29, 2013 9:46 am

Nobody can help and nobody knows how to solve this...
 
ABeepMike
Frequent Visitor
Posts: 51
Joined: Tue Nov 10, 2009 10:37 pm

Re: IPSec Tunnel - Can't ping remote network from one side

Thu Aug 15, 2013 9:03 pm

Try gregsowell.com


You need a srcnat rule as part of the VPN setup.
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=srcnat action=accept src-address=192.168.1.0/24 
     dst-address=192.168.15.0/24 

Vice versa on the other side.
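
Added example (not part of any post in this thread, and not MikroTik code): a small Python model of first-match srcnat evaluation, showing why the accept rule from the reply above has to sit ahead of a masquerade rule for LAN-to-LAN traffic to keep matching the IPsec policy. The subnets are taken from the first post's diagram; the masquerade rule, the WAN address 203.0.113.10 and all function names are constructed for illustration.

```python
import ipaddress

WAN_IP = "203.0.113.10"                          # constructed stand-in for xxx.xxx.xxx.xxx
POLICY = ("192.168.15.0/24", "192.168.2.0/24")   # IPsec policy src/dst, per the first post's diagram

# srcnat rules in RouterOS-like key/value form
BYPASS = {"action": "accept", "src-address": "192.168.15.0/24",
          "dst-address": "192.168.2.0/24"}
MASQ = {"action": "masquerade"}                  # constructed: catch-all internet NAT rule


def _in(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def rule_matches(rule, src, dst):
    """A rule matches when every address matcher it carries matches the packet."""
    packet = {"src-address": src, "dst-address": dst}
    return all(_in(packet[k], rule[k]) for k in packet if k in rule)


def source_after_srcnat(chain, src, dst):
    """First matching rule wins: accept keeps the source, masquerade rewrites it."""
    for rule in chain:
        if rule_matches(rule, src, dst):
            return WAN_IP if rule["action"] == "masquerade" else src
    return src


def enters_tunnel(chain, src, dst):
    """The IPsec policy is compared with the packet as it looks after srcnat."""
    return _in(source_after_srcnat(chain, src, dst), POLICY[0]) and _in(dst, POLICY[1])


if __name__ == "__main__":
    chains = {"masquerade only": [MASQ],
              "bypass below masquerade": [MASQ, BYPASS],
              "bypass above masquerade": [BYPASS, MASQ]}
    for name, chain in chains.items():
        src = source_after_srcnat(chain, "192.168.15.1", "192.168.2.1")
        ok = enters_tunnel(chain, "192.168.15.1", "192.168.2.1")
        print(f"{name:26} source={src:15} encrypted={ok}")
```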
