Hi,

I have the IPSEC VPN server setup as per the wiki with two dynamic Routerboard clients (clients with dynamic IPs) connecting back to the router. If either one by themselves connect, things are fine. If I enable both Peer profiles (both having their address set to 0.0.0.0/0) only one of them successfully connects. If I set the dynamically assigned IP address of the problem peer in the server Peer Profile in IPSEC (replacing the 0.0.0.0/0), both peers connect fine. Oddly enough, its always the same peer that has the problem, no matter which connects first.

Having a quick read of the RFCs (a real quick read!) it would seem that the source IP address somehow makes up part of the authentication (or encryption?) packets. Since the client that is having problems is a PPPoE client (from their ISPs perspective), while the other client is a cable modem customer (straight dynamic/dhcp client) I suspect the problem is that the dynamic IP received over PPPoE is not making it into the clients IPSEC session properly.

I've posted another issue related to OpenVPN and PPPoE here:

http://forum.mikrotik.com/viewtopic.php?f=2&t=62251

Although the problems are dissimilar, the symptom clients are both PPPoE - and I'm starting to wonder if there is not some nasty bugs related to PPPoE clients and VPNs in general in ROS that need some squashing! Anyone else seeing this behaviour?

Thanks,

-Rob

OK gang,

Not getting any bites on this, so here is a picture and video to help stimulate some conversation!

I've attached a network diagram to this post and I've also added a DEMO VIDEO you can download from HERE.

I'm hoping the above information (which has also been sent to MT support) will be able to explain what we are trying to do and show what is failing. Any helpful feedback would be much appreciated!

Thanks,

-Rob
Network Consultant
LaneChange.Net

I am having the same issue. RB1100 AH x2