Community discussions

MikroTik App
  4. RouterOS
  5. Beginner Basics

IPSEC not working?

Locked
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

IPSEC not working?

Fri Mar 28, 2014 9:50 pm

Hi,

I am trying to connect 2 networks via ipsec ad when i goto remote peers it tells me its established yet there isn't any Installed SA's working and I cant ping locally either. Ex) i cant ping from one office to the other. Likes I cant ping 192.168.10.1 from 192.68.11.1. Below are my settings and a depiction of the networks

Settings for 192.168.10.x router
Code: Select all
# jan/02/1970 00:19:35 by RouterOS 6.11
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5,sha1,null enc-algorithms=des \
    lifetime=8h pfs-group=modp768
/ip pool
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface l2tp-server server
set enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.10.1/24 interface=ether2 network=192.168.10.0
add address=24.**** interface=ether1 network=24.****
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
/ip dns
set servers=8.8.8.8,24.92.226.12
/ip firewall filter
add chain=input disabled=yes protocol=ipsec-esp src-address=192.168.88.54
/ip firewall nat
add chain=srcnat comment="IPSEC RULE" dst-address=192.168.11.0/24 \
    src-address=192.168.10.0/24
add chain=srcnat protocol=ipsec-esp
add chain=dstnat protocol=ipsec-esp
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment=PPTP disabled=yes dst-port=1723 \
    in-interface=ether1 protocol=tcp to-addresses=192.168.10.2 to-ports=1723
add action=dst-nat chain=dstnat comment=PPTP disabled=yes dst-port=1723 \
    in-interface=ether1 protocol=udp to-addresses=192.168.10.2 to-ports=1723
/ip ipsec peer
add address=50.*****/32 dh-group=modp768 dpd-interval=10s enc-algorithm=\
    des lifetime=8h nat-traversal=yes secret="****"
/ip ipsec policy
add dst-address=192.168.11.0/24 sa-dst-address=50.***** sa-src-address=\
    24.**** src-address=192.168.10.0/24 tunnel=yes
/ip route
add distance=1 gateway=24.****
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system identity
set name=MTSMFRI
/system ntp client
set mode=broadcast
Settings for 192.168.11.x router
Code: Select all
# jan/02/1970 00:19:13 by RouterOS 6.11
#
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=md5,sha1,null enc-algorithms=des \
    lifetime=8h pfs-group=modp768
/ip pool
add name=dhcp_pool1 ranges=192.168.11.2-192.168.11.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/ip address
add address=192.168.11.1/24 interface=ether2 network=192.168.11.0
add address=50.**** interface=ether1 network=50****
/ip dhcp-server lease
add address=192.168.11.102 client-id=1:0:30:1b:47:b7:a3 mac-address=\
    00:30:1B:47:B7:A3 server=dhcp1
add address=192.168.11.101 client-id=1:0:e0:b6:15:b6:a9 mac-address=\
    00:E0:B6:15:B6:A9 server=dhcp1
add address=192.168.11.100 client-id=1:0:e0:b6:13:71:2e mac-address=\
    00:E0:B6:13:71:2E server=dhcp1
add address=192.168.11.103 client-id=1:0:c0:ee:b2:b9:79 mac-address=\
    00:C0:EE:B2:B9:79 server=dhcp1
/ip dhcp-server network
add address=192.168.11.0/24 gateway=192.168.11.1
/ip dns
set servers=192.168.11.1,8.8.8.8
/ip firewall filter
add chain=input protocol=ipsec-esp src-address=192.168.88.53
/ip firewall nat
add chain=srcnat dst-address=192.168.10.0/24 src-address=192.168.11.0/24
add chain=srcnat dst-address=192.168.11.0/24 src-address=192.168.10.0/24
add chain=srcnat protocol=ipsec-esp
add chain=dstnat protocol=ipsec-esp
add action=masquerade chain=srcnat out-interface=ether1
/ip ipsec peer
add address=24.**** dh-group=modp768 dpd-interval=10s enc-algorithm=\
    des lifetime=8h nat-traversal=yes secret="****"
/ip ipsec policy
add dst-address=192.168.10.0/24 sa-dst-address=24.**** sa-src-address=\
    50.**** src-address=192.168.11.0/24 tunnel=yes
/ip route
add distance=1 gateway=50.****
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system identity
set name=MTSMWEL
/system ntp client
set mode=broadcast
You do not have the required permissions to view the files attached to this post.
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: IPSEC not working?

Fri Mar 28, 2014 11:27 pm

Can you check that you have routes for the remote LAN pointing to the remote WAN address? The configs didn't seem to show such routes. The SAs won't be created until traffic causes an IPSEC attempt.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sat Mar 29, 2014 3:49 pm

Can you check that you have routes for the remote LAN pointing to the remote WAN address? The configs didn't seem to show such routes. The SAs won't be created until traffic causes an IPSEC attempt.
I think I am a bit lost here. So you want me to take the 24.x.x.x router that hosts the 192.168.10.x range and put a route in it for the remote router? Such as dst=192.168.11.0/24 with a gateway of the public remote 50.x.x.x ?
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: IPSEC not working?

Sat Mar 29, 2014 6:06 pm

I looked at the config in a rush - it looks like the traffic should be hitting the appropriate interface.

It sounds like it might be failing to select a proposal. Could you try using a specific proposal and set the proposal to:

Auth. - sha1 only
Encr. - aes-128 cbc only
Lifetime 00:30:00
PFS Group - modp768

at both ends.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sat Mar 29, 2014 8:59 pm

Ok I tried that and still no success :(
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: IPSEC not working?

Sat Mar 29, 2014 9:32 pm

OK - that combination should be OK so could you upload your configs again?
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sat Mar 29, 2014 9:53 pm

settings for 192.168.10.x router
Code: Select all
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] pfs-group=modp768
/ip pool
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface l2tp-server server
set enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.10.1/24 interface=ether2 network=192.168.10.0
add address=24.xxx interface=ether1 network=24.xxx
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
/ip dns
set servers=8.8.8.8,24.92.226.12
/ip firewall filter
add chain=input protocol=udp src-address=50xxx src-port=500
add chain=input protocol=ipsec-esp src-address=50xxx
/ip firewall nat
add chain=srcnat comment="IPSEC RULE" dst-address=192.168.11.0/24 \
    src-address=192.168.10.0/24
add chain=srcnat comment="IPSEC RULE" dst-address=192.168.10.0/24 \
    src-address=192.168.11.0/24
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment=PPTP dst-port=1723 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.10.2 to-ports=1723
add action=dst-nat chain=dstnat comment=PPTP dst-port=1723 in-interface=\
    ether1 protocol=udp to-addresses=192.168.10.2 to-ports=1723
/ip ipsec peer
# Unsafe configuration, suggestion to use certificates
add address=50.xxx dh-group=modp768 dpd-interval=10s exchange-mode=\
    aggressive lifetime=30m nat-traversal=yes secret=xxx
/ip ipsec policy
add dst-address=192.168.11.0/24 sa-dst-address=50.xxx sa-src-address=\
    24.xxx src-address=192.168.10.0/24 tunnel=yes
/ip route
add distance=1 gateway=24.xxx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system identity
set name=MTSMFRI
/system ntp client
set mode=broadcast
Settings for 192.168.11.x router
Code: Select all
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] pfs-group=modp768
/ip pool
add name=dhcp_pool1 ranges=192.168.11.2-192.168.11.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/ip address
add address=192.168.11.1/24 interface=ether2 network=192.168.11.0
add address=50.xxx interface=ether1 network=50.xxx
/ip dhcp-server lease
add address=192.168.11.102 client-id=1:0:30:1b:47:b7:a3 mac-address=\
    00:30:1B:47:B7:A3 server=dhcp1
add address=192.168.11.101 client-id=1:0:e0:b6:15:b6:a9 mac-address=\
    00:E0:B6:15:B6:A9 server=dhcp1
add address=192.168.11.100 client-id=1:0:e0:b6:13:71:2e mac-address=\
    00:E0:B6:13:71:2E server=dhcp1
add address=192.168.11.103 client-id=1:0:c0:ee:b2:b9:79 mac-address=\
    00:C0:EE:B2:B9:79 server=dhcp1
/ip dhcp-server network
add address=192.168.11.0/24 gateway=192.168.11.1
/ip dns
set servers=8.8.8.8,192.168.11.1
/ip firewall filter
add chain=input protocol=udp src-address=24.xxx src-port=500
add chain=input protocol=ipsec-esp src-address=24xxx
/ip firewall nat
add chain=srcnat comment="IPSEC RULE" dst-address=192.168.10.0/24 \
    src-address=192.168.11.0/24
add chain=srcnat comment="IPSEC RULE" dst-address=192.168.11.0/24 \
    src-address=192.168.10.0/24
add action=masquerade chain=srcnat out-interface=ether1
/ip ipsec peer
# Unsafe configuration, suggestion to use certificates
add address=24.xxx dh-group=modp768 dpd-interval=10s exchange-mode=\
    aggressive lifetime=30m nat-traversal=yes secret=xxx
/ip ipsec policy
add dst-address=192.168.10.0/24 sa-dst-address=24xxx sa-src-address=\
    50xxx src-address=192.168.11.0/24 tunnel=yes
/ip route
add distance=1 gateway=50.xxx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system identity
set name=MTSMWEL
/system ntp client
set mode=broadcast
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: IPSEC not working?

Sat Mar 29, 2014 10:30 pm

Could you use a named profile (not default) with those settings so that it shows up fully in the configs. Then upload configs again.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sat Mar 29, 2014 10:43 pm

192.168.10.x router
Code: Select all
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] pfs-group=modp768
add enc-algorithms=3des name=prop pfs-group=modp768
/ip pool
add name=dhcp_pool1 ranges=192.168.10.2-192.168.10.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/interface l2tp-server server
set enabled=yes max-mru=1460 max-mtu=1460
/ip address
add address=192.168.10.1/24 interface=ether2 network=192.168.10.0
add address=24xxx interface=ether1 network=24xxx
/ip dhcp-server network
add address=192.168.10.0/24 gateway=192.168.10.1
/ip dns
set servers=8.8.8.8,24.92.226.12
/ip firewall filter
add chain=input protocol=udp src-address=50xxx src-port=500
add chain=input protocol=ipsec-esp src-address=50xxx
/ip firewall nat
add chain=srcnat comment="IPSEC RULE" dst-address=192.168.11.0/24 \
    src-address=192.168.10.0/24
add chain=srcnat comment="IPSEC RULE" dst-address=192.168.10.0/24 \
    src-address=192.168.11.0/24
add action=masquerade chain=srcnat out-interface=ether1
add action=dst-nat chain=dstnat comment=PPTP dst-port=1723 in-interface=\
    ether1 protocol=tcp to-addresses=192.168.10.2 to-ports=1723
add action=dst-nat chain=dstnat comment=PPTP dst-port=1723 in-interface=\
    ether1 protocol=udp to-addresses=192.168.10.2 to-ports=1723
/ip ipsec peer
# Unsafe configuration, suggestion to use certificates
add address=50xxx dh-group=modp768 dpd-interval=10s exchange-mode=\
    aggressive lifetime=30m nat-traversal=yes secret=xxx
/ip ipsec policy
add dst-address=192.168.11.0/24 proposal=prop sa-dst-address=50xxx \
    sa-src-address=24xxx src-address=192.168.10.0/24 tunnel=yes
/ip route
add distance=1 gateway=24xxx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system identity
set name=MTSMFRI
/system ntp client
set mode=broadcast
192.168.11.x router
Code: Select all
/interface ethernet
set [ find default-name=ether3 ] master-port=ether2
set [ find default-name=ether4 ] master-port=ether2
set [ find default-name=ether5 ] master-port=ether2
/ip hotspot user profile
set [ find default=yes ] idle-timeout=none keepalive-timeout=2m \
    mac-cookie-timeout=3d
/ip ipsec proposal
set [ find default=yes ] pfs-group=modp768
add enc-algorithms=3des name=prop pfs-group=modp768
/ip pool
add name=dhcp_pool1 ranges=192.168.11.2-192.168.11.254
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=ether2 name=dhcp1
/port
set 0 name=serial0
set 1 name=serial1
/system logging action
set 0 memory-lines=100
set 1 disk-lines-per-file=100
/ip address
add address=192.168.11.1/24 interface=ether2 network=192.168.11.0
add address=50xxx interface=ether1 network=50xxx
/ip dhcp-server lease
add address=192.168.11.102 client-id=1:0:30:1b:47:b7:a3 mac-address=\
    00:30:1B:47:B7:A3 server=dhcp1
add address=192.168.11.101 client-id=1:0:e0:b6:15:b6:a9 mac-address=\
    00:E0:B6:15:B6:A9 server=dhcp1
add address=192.168.11.100 client-id=1:0:e0:b6:13:71:2e mac-address=\
    00:E0:B6:13:71:2E server=dhcp1
add address=192.168.11.103 client-id=1:0:c0:ee:b2:b9:79 mac-address=\
    00:C0:EE:B2:B9:79 server=dhcp1
/ip dhcp-server network
add address=192.168.11.0/24 gateway=192.168.11.1
/ip dns
set servers=8.8.8.8,192.168.11.1
/ip firewall filter
add chain=input protocol=udp src-address=24xxx src-port=500
add chain=input protocol=ipsec-esp src-address=24xxx
/ip firewall nat
add chain=srcnat comment="IPSEC RULE" dst-address=192.168.10.0/24 \
    src-address=192.168.11.0/24
add chain=srcnat comment="IPSEC RULE" dst-address=192.168.11.0/24 \
    src-address=192.168.10.0/24
add action=masquerade chain=srcnat out-interface=ether1
/ip ipsec peer
# Unsafe configuration, suggestion to use certificates
add address=24xxxx dh-group=modp768 dpd-interval=10s exchange-mode=\
    aggressive lifetime=30m nat-traversal=yes secret=codered1234
/ip ipsec policy
add dst-address=192.168.10.0/24 proposal=prop sa-dst-address=24xxx \
    sa-src-address=50xxx src-address=192.168.11.0/24 tunnel=yes
/ip route
add distance=1 gateway=50xxx
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
/ip upnp
set allow-disable-external-interface=no
/system identity
set name=MTSMWEL
/system ntp client
set mode=broadcast
You do not have the required permissions to view the files attached to this post.
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: IPSEC not working?

Sat Mar 29, 2014 11:04 pm

OK - set the prop proposal to use aes-128 cbc rather than 3des and test again.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sat Mar 29, 2014 11:14 pm

Didnt work. Tryied killing connections and rebooting routers and still no change.
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: IPSEC not working?

Sun Mar 30, 2014 12:03 am

Switch on ipsec logging and see what the messages are.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sun Mar 30, 2014 4:58 am

I have no idea on what i am to look for;
There is nothing there saying it has failed or anything of the sort.

Perhaps I am fighting firmware issues? I have v6.11...? Does it have issues with IPSEC?
Nope. Downgraded to 6.7 and it didn't make a difference... Also tried 5.26 with same results
Ive also tried different encryption types.... idk... i just need to tunnel these networks... at this point idc how lol

Heres the log... =\
You do not have the required permissions to view the files attached to this post.
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: IPSEC not working?

Sun Mar 30, 2014 3:19 pm

Did you check the installed SAs when you looked at the log? The log entries suggest that you should have seen something there.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sun Mar 30, 2014 3:32 pm

After I rebooted the router I was able to get this shot
You do not have the required permissions to view the files attached to this post.
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: IPSEC not working?

Sun Mar 30, 2014 4:06 pm

Check the Installed SAs tab again. The screenshot shows an SA establishing.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sun Mar 30, 2014 4:10 pm

Here is the rest of them. I was going to just copy and paste the but it didnt seperate the lines and it was very hard to read.
You do not have the required permissions to view the files attached to this post.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sun Mar 30, 2014 4:12 pm

The SA still doesnt show anything
You do not have the required permissions to view the files attached to this post.
Top
 
CelticComms
Forum Guru
Forum Guru
Posts: 1765
Joined: Wed May 02, 2012 5:48 am

Re: IPSEC not working?

Sun Mar 30, 2014 4:14 pm

If you want me to look remotely email me.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sun Mar 30, 2014 4:15 pm

No matter what encryption I use I get the same result. no sa's
You do not have the required permissions to view the files attached to this post.
Top
 
lordzar
Frequent Visitor
Frequent Visitor
Posts: 94
Joined: Sat May 29, 2004 7:47 pm

Re: IPSEC not working?

Sun Mar 30, 2014 10:07 pm

A couple of things...


Not sure why the use of aggressive mode instead of main mode. Aggressive is mostly used when you are using dynamic policies.


Also... Sa's don't get established until there is "traffic of interest", so, if you are just typing "/ping 192.168.10.1" it will not work. The source address will not be correct. So it would never trigger a policy. You must use "/ping src-address=192.168.11.1 192.168.10.1" and it will take several pings for the tunnel to come up.

Because of the low level of integration of ipsec in the kernel, it's a very tricky beast.
Top
 
ProCon
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 97
Joined: Sat Sep 18, 2010 9:08 pm

Re: IPSEC not working?

Sun Mar 30, 2014 11:37 pm

Thanks to CelticComms, the issue has been resolved. Him and I were communicating via email. Thanks for all the help guys!
Top
Locked

Who is online

Users browsing this forum: neki and 25 guests
  4. RouterOS
  5. Beginner Basics