Caci99

Little hiccup IPSec tunnel ROS 7.15

Mon Jun 10, 2024 11:42 am

I experienced some weird behavior when moving from 6.49.13 to 7.15 with IPSec site to site tunnel.

Generally being cautious when moving from 6.49 to 7.x, last week I did such an upgrade for the purpose of moving capsman to wifi wave2. It all went smoothly, with the exception of the IPSec tunnel.

This tunnel would drop web connections or Windows shared folder connections but would allow RDP and ping. Before, the tunnel was between my router 7.12.1 and remote 6.49.13. When the remote moved to 7.15 this thing started happening. I reverted it back (with the backup partition) and all worked fine, so surely upgrading to 7.15 caused it. I started to look at and play with settings in the IPSec tunnel, bridge settings, wifi capsman, and TCP MSS, with no result. Then I started looking at the firewall, and there I found the cause.

I have the usual three firewall rules which drop invalid packets in the input, forward and output chains. The output drop rule was the cause of it; once I disabled it, everything started to work fine.

Why is this rule dropping some of the tunnel traffic, like web, share folder, app connections to remote server, but allowing RDP, ping? Could it be the TLS handshake?

Any thoughts about it, or should I write to support?
