
Multipath Routing and IPSec

Posted: Sun Oct 26, 2008 3:18 am
by pace
I've just configured my multipath routing and things were going along okay until I configured IPSec. My tunnel drops its connection when I have my second route going. The tunnel is configured to just use one of my public IP addresses as the endpoint; I do not have another tunnel configured on the other public IP. If I disable the multipath routing by removing one of the gateways or by disabling the second public interface, the tunnel comes back immediately. Otherwise it goes up and down all the time.

Is there something special I need to configure to get multipath routing and IPsec to work at the same time?


pace

Re: Multipath Routing and IPSec

Posted: Fri Oct 31, 2008 5:13 am
by pace
Woohoo, I get to answer my own question. Hopefully this will help someone else out at some point...

The deal is that you have to make sure your IPSec traffic gets routed out the correct interface all the time. So you'll need to get some policy based routing going for your IPSec traffic and your IKE/isakmp traffic that is destined for the other endpoint of the IPsec tunnel. You'll need to make sure that this traffic always goes out the same gateway. So use a mangle rule on the output queue and route-mark that traffic and then use a routing rule to send that marked traffic out the correct direction.


pace
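
The policy routing described in the post above, written out as an added example (not the poster's own configuration). It assumes MikroTik RouterOS with v6-style syntax, which the thread does not state; the peer address, gateway address and the routing-mark name `ipsec-wan1` are placeholders.

```routeros
# Added example, RouterOS v6-style syntax (assumed platform and version).
# Placeholders (documentation address ranges, not taken from the thread):
#   198.51.100.10 = remote IPsec peer
#   203.0.113.1   = gateway of the WAN link that holds the tunnel endpoint IP
#   ipsec-wan1    = hypothetical routing-mark name

/ip firewall mangle
# IKE/ISAKMP negotiation sent by the router itself to the peer
add chain=output dst-address=198.51.100.10 protocol=udp dst-port=500 \
    action=mark-routing new-routing-mark=ipsec-wan1 passthrough=no \
    comment="IKE to peer via WAN1"
# NAT-T traffic, only present if NAT traversal is negotiated
add chain=output dst-address=198.51.100.10 protocol=udp dst-port=4500 \
    action=mark-routing new-routing-mark=ipsec-wan1 passthrough=no \
    comment="NAT-T to peer via WAN1"
# ESP packets carrying the tunnel payload
add chain=output dst-address=198.51.100.10 protocol=ipsec-esp \
    action=mark-routing new-routing-mark=ipsec-wan1 passthrough=no \
    comment="ESP to peer via WAN1"

/ip route
# Marked traffic uses a single-gateway default route, not the multipath one
add dst-address=0.0.0.0/0 gateway=203.0.113.1 routing-mark=ipsec-wan1 \
    comment="IPsec always leaves through WAN1"
```

While the tunnel is up, the packet counters on the mangle rules should increase; a rule that stays at zero means that traffic class is still following the multipath default route.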

Re: Multipath Routing and IPSec

Posted: Mon Oct 11, 2010 3:09 pm
by jamiewatson69
Hiya,

I am having the same problem. I have set up some policy based nat for IPSEC and UDP 500 on the output chain and then use the relevant routing mark to route the traffic down the correct gateway. Only problem is IPSEC seems to break whenever I do this! It works if I just have a route without the routing marks. Am I missing something?

Thanks
Jamie