ipsec tunnel changed?

Posted: Fri Mar 09, 2007 11:30 pm
by amode
Hi,

While trying to connect two beta6 systems, we have trouble setting up the required policies.

Every time we enter our ipsec policy (using tunnel mode) and press "assign", we automatically get 'two' policies generated, where one is printed in red (marked as 'invalid') and the other shows "no tunnel" and 0.0.0.0.

(BTW the new NAT traversal feature in Peer setup is off)

Basic ipsec setup is taken from a 2.9.40 system and is working there.

So, what has changed in beta6 that policy cannot be used as before?

Thanks for any help.

Achim

Posted: Mon Mar 12, 2007 8:51 am
by janisk
try to do this in console :roll:

Posted: Thu Mar 15, 2007 9:44 am
by amode
No, still does not work. I have this command (actual sa-src and sa-dst addresses clobbered for privacy):

[admin@vpn2-de] /ip ipsec policy> add src-address=172.17.0.0/16:any dst-address=172.16.0.0/16:any 
protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes sa-src-address=a.b.c.d 
sa-dst-address=e.f.g.h proposal=myProposal manual-sa=none

And this results in this policy:

[admin@vpn2-de] /ip ipsec policy> print
Flags: X - disabled, D - dynamic, I - inactive 
 0 I src-address=172.17.0.0/16:any dst-address=172.16.0.0/16:any protocol=all action=encrypt 
     level=require ipsec-protocols=esp tunnel=yes sa-src-address=a.b.c.d 
     sa-dst-address=e.f.g.h proposal=myProposal manual-sa=none priority=0 

 1 D src-address=172.16.0.0/32:any dst-address=172.17.0.0/32:any protocol=all action=encrypt 
     level=require ipsec-protocols=esp tunnel=yes sa-src-address=a.b.c.d 
     sa-dst-address=e.f.g.h proposal=default priority=0 

I really don't understand what causes this.

Any comments or help would be fine. I assume this is a beta issue? Because the same configuration works on 2.9.40.

Thanks for help.

Achim

Posted: Tue Mar 27, 2007 12:27 am
by amode
Hi,

I was told by support to 'retest' this in the next v3.0 beta7.

So, any info when this is released?

Thanks,
Achim