arisk
newbie
Topic Author
Posts: 27
Joined: Wed Aug 01, 2018 12:56 pm

IPSEC between Mikrotik router and a Shrew client

Fri Jan 18, 2019 7:04 pm

Hello everyone,
Today I set up a RoadWarrior with Mode Conf. I only configured IPsec and the Shrew client, according to these wiki pages:
https://wiki.mikrotik.com/wiki/Manual:IP/IPsec
https://wiki.mikrotik.com/wiki/IPSEC_be ... rew_client .
The tunnel is enabled, I get an IP from the pool, but I cannot ping hosts under the router.
Here is my configuration:
/ip dhcp-server network
add address=172.15.10.0/24 dns-server=172.17.7.130 gateway=172.15.10.254
add address=172.15.20.0/24 dns-server=172.17.7.130 gateway=172.15.20.254

/ip dns
set allow-remote-requests=yes servers=172.17.7.254

/ip dns static
add address=172.15.99.254 name=router.lan

/ip firewall nat
add action=accept chain=srcnat dst-address=192.168.77.0/24 ipsec-policy=\
    out,ipsec src-address=172.15.10.0/24
add action=masquerade chain=srcnat out-interface=ether1

/ip ipsec peer
add address=0.0.0.0/0 auth-method=pre-shared-key-xauth generate-policy=\
    port-strict mode-config=rw-cfg passive=yes policy-template-group=\
    RoadWarrrior secret=123

/ip ipsec policy
add dst-address=192.168.77.0/24 group=RoadWarrrior src-address=172.15.10.0/24 \
    template=yes
add dst-address=192.168.77.0/24 group=RoadWarrrior src-address=172.15.99.0/24 \
    template=yes
add dst-address=192.168.77.0/24 group=RoadWarrrior src-address=172.15.20.0/24 \
    template=yes

/ip ipsec user
add name=user1 password=123
add name=user2 password=234

What is there that I'm missing? Any ideas?
 
arisk
newbie
Topic Author
Posts: 27
Joined: Wed Aug 01, 2018 12:56 pm

Re: IPSEC between Mikrotik router and a Shrew client

Fri Jan 18, 2019 7:08 pm

Just in case it matters, all LANs under the router are virtual...