My first Mikrotik - Mikrotik VPN - how do I test it?

n3rdx · Tue Jul 23, 2019 6:12 pm

Well, I was able to setup IPSEC, GRE tunnels between

(both mikrotik devices 6.45.2 Router OS) setup most like: https://wiki.mikrotik.com/wiki/Manual:I ... _using_DNS

HQ LAN to
RouterOS (A, IKEv2 Responder, GRE TunnelPublic, Fixed, DNS) to
-------------- internet cloud goes here ------------------ 
ISP Gateway (Public, Dynamic, NAT)  to 
RouterOS (B, IKEv2 Initiator, Ether1, GRE Tunnel) to 
Branch LAN

And the initiator does keep busy in contacting the responder thus:

11:08:30 ipsec,debug ipsec: => (size 0x60) 
11:08:30 ipsec,debug ipsec: 00000060 0341914d 012041a0 0bb2a0a2 c6dd19c0 c1fd94f4 8c2fe204 1ea6161a 
11:08:30 ipsec,debug ipsec: 674987e9 7be10408 82538725 856b3687 ccd94e59 2604a91c ade9b95f b9409156 
11:08:30 ipsec,debug ipsec: 386ebc1a 50086338 ff67e038 3cfd2f24 775c9e13 00000000 00000000 18000000 
11:08:30 ipsec,debug ipsec: ===== sending 124 bytes from 204.48.19.83[4500] to 69.250.215.130[4500] 
11:08:30 ipsec,debug ipsec: 1 times of 128 bytes message will be sent to 69.250.215.130[4500] 
11:08:30 ipsec,debug,packet ipsec: 90321230 13b89a9d c8ce7111 73133d55 2e202520 00000157 0000007c 00000
060 
11:08:30 ipsec,debug,packet ipsec: 0341914d 012041a0 0bb2a0a2 c6dd19c0 c1fd94f4 8c2fe204 1ea6161a 67498
7e9 
11:08:30 ipsec,debug,packet ipsec: 7be10408 82538725 856b3687 ccd94e59 2604a91c ade9b95f b9409156 386eb
c1a 
11:08:30 ipsec,debug,packet ipsec: 50086338 ff67e038 3cfd2f24 775c9e13 2bc6c252 b86a86aa c0593913 
11:08:30 ipsec,debug ipsec: ===== received 124 bytes from 69.250.215.130[4500] to 204.48.19.83[4500] 
11:08:30 ipsec,debug,packet ipsec: 90321230 13b89a9d c8ce7111 73133d55 2e202528 0000014c 0000007c 00000
060 
11:08:30 ipsec,debug,packet ipsec: 15d2c50a 7fb66f9f 9578a385 4d96b0b6 30e48a09 59cbd602 5b4e4a06 d4b50
1b1 
11:08:30 ipsec,debug,packet ipsec: b08417be 5dd1161f 801068d7 db4cf895 12d9b5f5 7aee9ddb 62027049 a6475
562 
11:08:30 ipsec,debug,packet ipsec: b2e3f93e aec6fc3d 6e73b325 b24a371d 4049b28c 71b98f8a d77b4f3d 
11:08:30 ipsec ipsec: -> ike2 reply, exchange: INFORMATIONAL:332 69.250.215.130[4500] 
11:08:30 ipsec ipsec: payload seen: ENC (96 bytes) 
11:08:30 ipsec ipsec: processing payload: ENC 
11:08:30 ipsec,debug ipsec: => iv (size 0x10) 
11:08:30 ipsec,debug ipsec: 15d2c50a 7fb66f9f 9578a385 4d96b0b6 
11:08:30 ipsec,debug ipsec: decrypted 
11:08:30 ipsec,debug,packet ipsec: => decrypted packet (size 0x0) 
11:08:30 ipsec ipsec: respond: info 
11:08:30 ipsec,debug ipsec: reply ignored 
11:08:49 ipsec,debug ipsec: KA: 204.48.19.83[4500]->69.250.215.130[4500] 
11:08:49 ipsec,debug ipsec: 1 times of 1 bytes message will be sent to 69.250.215.130[4500] 
11:08:49 ipsec,debug,packet ipsec: ff 
11:09:09 ipsec,debug ipsec: KA: 204.48.19.83[4500]->69.250.215.130[4500] 
11:09:09 ipsec,debug ipsec: 1 times of 1 bytes message will be sent to 69.250.215.130[4500] 
11:09:09 ipsec,debug,packet ipsec: ff 
11:09:29 ipsec,debug ipsec: KA: 204.48.19.83[4500]->69.250.215.130[4500] 
11:09:29 ipsec,debug ipsec: 1 times of 1 bytes message will be sent to 69.250.215.130[4500] 
11:09:29 ipsec,debug,packet ipsec: ff

Is there a handy tutorial to complete the steps / setup the routes / test the tunnel, after the GRE tunnel is active, so that I can move on to passing live traffic, from Branch LAN to HQ LAN?