Mikrotik
Gennady Chuzhinov, 2020-04-23 16:20:23

How to let a certain port bypass IKEv2 on Mikrotik with IPSEC + IKEv2?

I need to let 2 ports bypass IKEv2 (the IPsec + IKEv2 connection is established by the MikroTik; a whitelist of addresses is not suitable). There are 2 UDP ports, 41274 (single connection to the host) and 9993, that must be allowed to bypass IPsec. Which is better to choose, mark connection or mark packet, and how do I set the mangle rule for routing packets (mark routing) from a local network node (the node that needs to bypass IPsec is 10.1.1.111, static)?
Dynamic IPsec policy.
P.S. IPsec + IKEv2 does not create an interface, unfortunately. I am not considering other VPN connection options.


1 answer(s)
korsar182, 2020-04-23
@korsar182

IPSec takes precedence over routing.

/ip ipsec policy
add action=none dst-address=0.0.0.0/0 dst-port=41274 src-address=0.0.0.0/0 place-before=1
add action=none dst-address=0.0.0.0/0 dst-port=9993 src-address=0.0.0.0/0 place-before=1
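
Why the position of the two action=none policies matters, as an added Python model that is not part of the answer above and is not RouterOS code: IPsec policies are evaluated in order and the first match wins, so a bypass entry placed after a broader encrypt policy never takes effect. The catch-all encrypt policy and the destination 203.0.113.10 are constructed stand-ins; the real dynamic policy's selectors depend on the peer configuration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Policy:
    action: str                      # "none" = bypass IPsec, "encrypt" = protect with IPsec
    src: str = "0.0.0.0/0"
    dst: str = "0.0.0.0/0"
    dst_port: Optional[int] = None   # None = any port

    def matches(self, src, dst, dst_port):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst)
                and self.dst_port in (None, dst_port))


def lookup(policies, src, dst, dst_port):
    """Ordered first-match lookup; traffic matching no policy is left unprotected."""
    for p in policies:
        if p.matches(src, dst, dst_port):
            return p.action
    return "none"


def shadowed(policies):
    """Indexes of policies that can never match because an earlier one covers them."""
    dead = []
    for i, p in enumerate(policies):
        for q in policies[:i]:
            if (ip_network(p.src).subnet_of(ip_network(q.src))
                    and ip_network(p.dst).subnet_of(ip_network(q.dst))
                    and q.dst_port in (None, p.dst_port)):
                dead.append(i)
                break
    return dead


# Constructed policy tables: the two bypass entries from the answer plus a
# stand-in catch-all encrypt policy (assumption, not taken from the page).
BYPASS = [Policy("none", dst_port=41274), Policy("none", dst_port=9993)]
ENCRYPT_ALL = Policy("encrypt")
BYPASS_FIRST = BYPASS + [ENCRYPT_ALL]   # bypass entries ahead of the encrypt policy
BYPASS_LAST = [ENCRYPT_ALL] + BYPASS    # bypass entries added at the end

if __name__ == "__main__":
    for name, table in (("bypass first", BYPASS_FIRST), ("bypass last", BYPASS_LAST)):
        print(name, lookup(table, "10.1.1.111", "203.0.113.10", 9993), shadowed(table))
```

The `shadowed` check is the useful part for auditing an existing table: any index it returns is a policy that exists in the configuration but can never be applied.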
