How to route the traffic of Mikrotik itself through the IPSEC tunnel?
The client side of an IPsec tunnel has been brought up on the Mikrotik. Traffic from the LAN segment leaves through the IPsec tunnel using src-nat to Address, and everything works. But the traffic of the Mikrotik itself (output) goes through the default gateway. The question is how to make the Mikrotik itself go through the tunnel in the same way.
Pure IPsec has no client and server parts. Mikrotik easily brings up the connection itself :)
Write a policy in such a way that local traffic gets into the tunnel.
Traffic in the output chain goes through the standard path: mangle->nat->filter, then gets into the postrouting chain, where it passes mangle->nat, after which the packet is checked against the IPsec security policy table: does this packet need to be encrypted?
If it needs to be encrypted, the packet is encrypted in accordance with the security associations table, and the encrypted packet again traverses the entire specified path.
What is the point? Well, make a ping from a source that goes into the tunnel.
src-nat is most likely the IP address of the LAN interface? Again NAT where it shouldn't be. In order for Mikrotik to wrap its traffic in a tunnel, you need to bring up IPIP routing over IPsec.
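The lookup order described in the first answer (postrouting src-nat, then the IPsec policy check) can be modelled in a few lines; this is an added example, not code from any answer in the thread. It shows why router-originated packets miss the policy and two ways they come to match it. All addresses, rule sets and function names are constructed assumptions.

```python
from ipaddress import ip_address, ip_network

# Constructed sample addressing (assumptions, not taken from the thread).
LAN = ip_network("192.168.88.0/24")        # router's LAN address: 192.168.88.1
WAN_SRC = ip_network("203.0.113.10/32")    # router's address toward the default gateway
TUNNEL_ADDR = ip_address("10.99.0.2")      # address the src-nat rule rewrites to
REMOTE = ip_network("10.20.0.0/16")        # network behind the IPsec peer

# src-nat rule as in the question: only LAN sources are translated.
NAT_RULES = [(LAN, REMOTE, TUNNEL_ADDR)]
# IPsec policy selectors: (source network, destination network).
POLICIES = [(ip_network("10.99.0.2/32"), REMOTE)]
# Variant with an extra policy that covers the router's own source address.
POLICIES_WITH_ROUTER = POLICIES + [(WAN_SRC, REMOTE)]

def src_nat(src, dst, rules=NAT_RULES):
    """Postrouting src-nat: the first matching rule rewrites the source."""
    for match_src, match_dst, to_addr in rules:
        if src in match_src and dst in match_dst:
            return to_addr
    return src

def egress(src, dst, policies=POLICIES):
    """Model the described order: src-nat first, then the policy lookup."""
    src, dst = ip_address(src), ip_address(dst)
    natted = src_nat(src, dst)
    for pol_src, pol_dst in policies:
        if natted in pol_src and dst in pol_dst:
            return "ipsec"         # encrypted per the SA, then re-traverses the path
    return "default-gateway"       # no policy match: leaves unencrypted

def demo():
    return {
        "lan_host": egress("192.168.88.50", "10.20.1.1"),
        "router_default_src": egress("203.0.113.10", "10.20.1.1"),
        # Ping sourced from the router's LAN address: hits the existing src-nat rule.
        "router_lan_src": egress("192.168.88.1", "10.20.1.1"),
        # Extra policy selector for the router's own address, no NAT involved.
        "router_extra_policy": egress("203.0.113.10", "10.20.1.1", POLICIES_WITH_ROUTER),
        "router_to_internet": egress("203.0.113.10", "198.51.100.7", POLICIES_WITH_ROUTER),
    }

if __name__ == "__main__":
    for name, path in demo().items():
        print(f"{name}: {path}")
```

The model covers only the lookup order on the router; for a widened selector to carry traffic, the remote peer must hold a matching policy.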