alexpaige
just joined
Topic Author
Posts: 1
Joined: Thu Nov 12, 2015 5:04 pm

IPsec VPN site to site

Thu Nov 12, 2015 5:19 pm

I am trying to set up a site-to-site VPN using Untangle version 11.2 as the server and a Mikrotik v6.32.3.
I ran through the setup guide here https://www.nasa-security.net/mikrotik/ ... ik-how-to/

I have attached a screenshot of the log and the error I'm getting.
Mikrotik log.png
fatal NO-PROPOSAL-CHOSEN notify message, phase 1 should be deleted.

I have obviously made a mistake somewhere but I'm not sure where to start.

Any help would be greatly appreciated


Thanks
 
jaytcsd
Member
Posts: 335
Joined: Wed Dec 29, 2004 9:50 am
Location: Pittsboro IN

Re: IPsec VPN site to site

Sun Nov 29, 2015 10:06 pm

Have you tried this setup?

http://gregsowell.com/wp-content/plugin ... .php?id=15

I can get the routers to ping but can't get any devices behind them to see the other side of the tunnel.
 
evince
Member
Posts: 355
Joined: Thu Jul 05, 2012 12:11 pm
Location: Harzé - Belgique

Re: IPsec VPN site to site

Mon Nov 30, 2015 9:51 am

Hello,

The src-address seems to be wrong; we can see 192.168.1.2 in your logs. It should be a WAN IP.

Regards,
 
downther0ad
just joined
Posts: 9
Joined: Mon Nov 02, 2015 10:21 pm

Re: IPsec VPN site to site

Mon Nov 30, 2015 5:07 pm

Hi

I was able to make a VPN IPSec with this conf:

router_1
/ip ipsec policy>add src-address=<local_lan_router_1>/xx dst-address=<local_lan_router_2>/xx protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=<public_ip_router_1> sa-dst-address=<public_ip_router_2> proposal=default priority=0

/ip ipsec peer>add address=<public_ip_router_2> port=500 auth-method=pre-shared-key secret="some_password" exchange-mode=main send-initial-contact=yes proposal-check=obey hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 dpd-interval=120 dpd-maximum-failures=5

/ip firewall nat>add chain=srcnat src-address=<local_lan_router_1>/xx dst-address=<local_lan_router_2>/xx action=accept disabled=no

router_2
/ip ipsec policy>add src-address=<local_lan_router_2>/xx dst-address=<local_lan_router_1>/xx protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=<public_ip_router_2> sa-dst-address=<public_ip_router_1> proposal=default priority=0

/ip ipsec peer>add address=<public_ip_router_1> port=500 auth-method=pre-shared-key secret="some_password" exchange-mode=main send-initial-contact=yes proposal-check=obey hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024 dpd-interval=120 dpd-maximum-failures=5

/ip firewall nat>add chain=srcnat src-address=<local_lan_router_2>/xx dst-address=<local_lan_router_1>/xx action=accept disabled=no

Regards
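
An added example, not code from any poster in this thread: a Python check that two routers' policy and peer arguments mirror each other as in the configuration above and agree on phase 1 parameters, since NO-PROPOSAL-CHOSEN is the IKE notify a peer sends when it accepts none of the offered proposals. The `check_pair` helper, the sample addresses and the set of algorithms flagged as weak are assumptions of this example.

```python
import ipaddress

PHASE1_KEYS = ("auth-method", "exchange-mode", "hash-algorithm", "enc-algorithm", "dh-group")
WEAK = {"md5", "des", "3des", "modp768", "modp1024"}  # assumption: values this check flags
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIRROR = (("src-address", "dst-address"), ("dst-address", "src-address"),
          ("sa-src-address", "sa-dst-address"), ("sa-dst-address", "sa-src-address"))

def parse(args):
    """Turn the 'key=value ...' part of an 'add' line into a dict."""
    return dict(tok.split("=", 1) for tok in args.split() if "=" in tok)

def check_pair(r1, r2):
    """r1, r2: {'policy': str, 'peer': str}. Returns a list of findings."""
    out = []
    pol = [parse(r1["policy"]), parse(r2["policy"])]
    peer = [parse(r1["peer"]), parse(r2["peer"])]
    for mine, yours in MIRROR:  # router_1's policy must be router_2's, reversed
        if pol[0].get(mine) != pol[1].get(yours):
            out.append(f"mirror: router_1 {mine} != router_2 {yours}")
    for i in (0, 1):
        sa_src = pol[i].get("sa-src-address")
        # A LAN address as SA source is the problem pointed out earlier in the thread.
        if sa_src and any(ipaddress.ip_address(sa_src) in n for n in RFC1918):
            out.append(f"private-sa-src: router_{i + 1} {sa_src}")
        if peer[i].get("address") != pol[i].get("sa-dst-address"):
            out.append(f"peer-address: router_{i + 1} peer is not its sa-dst-address")
    for key in PHASE1_KEYS:  # both ends must offer the same phase 1 parameters
        a, b = peer[0].get(key), peer[1].get(key)
        if a != b:
            out.append(f"phase1: {key} {a} vs {b}")
        weak = {a, b} & WEAK
        if weak:
            out.append(f"weak: {key} uses {sorted(weak)}")
    return out

# Constructed sample: router_1 has a LAN sa-src-address, router_2 a different hash-algorithm.
SAMPLE_1 = {
    "policy": "src-address=10.1.0.0/24 dst-address=10.2.0.0/24 tunnel=yes sa-src-address=192.168.1.2 sa-dst-address=203.0.113.1",
    "peer": "address=203.0.113.1 auth-method=pre-shared-key exchange-mode=main hash-algorithm=md5 enc-algorithm=3des dh-group=modp1024",
}
SAMPLE_2 = {
    "policy": "src-address=10.2.0.0/24 dst-address=10.1.0.0/24 tunnel=yes sa-src-address=203.0.113.1 sa-dst-address=198.51.100.1",
    "peer": "address=198.51.100.1 auth-method=pre-shared-key exchange-mode=main hash-algorithm=sha1 enc-algorithm=3des dh-group=modp1024",
}

if __name__ == "__main__":
    for finding in check_pair(SAMPLE_1, SAMPLE_2):
        print(finding)
```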