Is there a problem setting up a VPN channel via EoIP with IPSec?
Good day, and Happy New Year everyone! There are two offices, and in each office a VPN channel is configured on a MikroTik RB951Ui-2HnD via EoIP with IPsec. The configuration of the MikroTiks is given below:
Office 1:
> /export compact
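# dec/26/2018 07:39:22 by RouterOS 6.43.7
# software id = 0ZJM-VT0Y
#
# model = 951Ui-2HnD
# serial number = 8A73087CB023
#
# Office 1 router (LAN gateway 192.168.0.1). Values such as "password",
# "password key", "ipsec password", "number", "name" and "ip address" are
# placeholders the poster substituted for real secrets and addresses; they
# are not valid RouterOS tokens as written and must be read as redactions.
/interface bridge
add name=bridge1
# Provider uplink: PPPoE over ether1. add-default-route=yes makes the default
# route follow the PPPoE session; dial-on-demand=yes brings the session up only
# when there is traffic to send.
/interface pppoe-client
add add-default-route=yes dial-on-demand=yes disabled=no interface=ether1 \
    keepalive-timeout=60 name=UfaNet password=password key use-peer-dns=yes user=\
    number
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
    ssid=Gip-elektro wireless-protocol=802.11
# EoIP tunnel to Office 2 (local endpoint 10.10.10.1, remote 10.10.10.2).
# tunnel-id must be identical on both ends (0 here and in the Office 2
# export). ipsec-secret turns on IPsec protection for the tunnel; the value
# shown is the poster's placeholder. NOTE(review): no 10.10.10.1 address is
# visible in /ip address below (only the redacted ether1 address), so confirm
# which interface actually carries the local EoIP endpoint.
/interface eoip
add allow-fast-path=no ipsec-secret=ipsec password local-address=10.10.10.1 \
    mac-address=FE:B2:75:17:4F:41 name=EoIP1 remote-address=10.10.10.2 \
    tunnel-id=0
/interface wireless nstreme
set wlan1 enable-polling=no
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
    unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=password \
    wpa2-pre-shared-key=password
/ip pool
add name=dhcp_pool1 ranges=192.168.0.60-192.168.0.190
# DHCP server on bridge1. Because EoIP1 is a bridge port (below), the Office 2
# router - which also runs a DHCP server on its bridge1 with gateway
# 192.168.0.2 and pool .191-.254 - is on the same L2 segment. The two pools do
# not overlap, but a client on either side can get its lease, and therefore
# its default gateway, from either router.
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge1 lease-time=3d name=\
    dhcp1
/ppp profile
set *0 change-tcp-mss=no
add local-address=192.168.0.2 name=name use-compression=no use-encryption=\
    no use-mpls=no
set *FFFFFFFE change-tcp-mss=no
# LAN ports, wlan1 and the EoIP tunnel are bridged together, so Office 2's
# LAN shares this 192.168.0.0/24 segment. ether1 (the PPPoE port) is listed
# as a bridge port but disabled.
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=EoIP1
add bridge=bridge1 disabled=yes interface=ether1
# L2TP server for the /ppp secret at the end of this export (MS-CHAPv2 only).
# No use-ipsec setting appears in the export, so the L2TP transport itself is
# presumably not IPsec-protected - confirm.
/interface l2tp-server server
set authentication=mschap2 enabled=yes
/ip address
add address=192.168.0.1/24 interface=bridge1 network=192.168.0.0
add address=ip address interface=ether1 network=IP address
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.1
# allow-remote-requests=yes makes this router answer DNS for anyone who can
# reach it. No /ip firewall filter section appears in this export, so nothing
# shown here restricts that to the LAN side; check the input chain on the
# UfaNet/ether1 side so the router does not act as an open resolver.
/ip dns
set allow-remote-requests=yes
# Clamp MSS of forwarded TCP SYNs advertising 1453+ down to 1400, presumably
# to absorb PPPoE plus EoIP/IPsec overhead. Office 2 clamps differently
# (postrouting, new-mss=1360, all SYNs); the two sides are worth aligning.
/ip firewall mangle
add action=change-mss chain=forward new-mss=1400 passthrough=yes protocol=tcp \
    tcp-flags=syn tcp-mss=1453-65535
# srcnat: masquerade the LAN. dstnat: forward TCP port <number> sent to
# 10.10.10.1 to 192.168.0.128:3389. NOTE(review): WAN traffic enters on the
# PPPoE interface UfaNet, not on ether1, so in-interface=!ether1 does not
# exclude the provider link; if this forward is meant for LAN/tunnel clients
# only, match on in-interface=bridge1 (or an interface list) instead.
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24
add action=dst-nat chain=dstnat dst-address=10.10.10.1 dst-port=number \
    in-interface=!ether1 protocol=tcp to-addresses=192.168.0.128 to-ports=3389
# Static route for 192.168.0.0/24 via 136.169.144.89 (the remote-address of
# the L2TP secret below) with pref-src 192.168.0.2. This covers the same
# subnet that is directly connected on bridge1, and 192.168.0.2 is the Office 2
# gateway address; the intent is unclear - confirm it is needed.
/ip route
add distance=1 dst-address=192.168.0.0/24 gateway=136.169.144.89 pref-src=\
    192.168.0.2
# Management services: telnet/ftp/www/ssh/api/api-ssl disabled. winbox and
# www-ssl are not listed, so they keep their defaults - confirm they are
# reachable only from the LAN side.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
# L2TP account with public local/remote addresses; remote-address is the
# gateway used by the static route above.
/ppp secret
add local-address=51.38.73.112 name=name password=password profile=\
    default-encryption remote-address=136.169.144.89 service=l2tp
/system clock
set time-zone-name=Asia/Yekaterinburg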
Office 2:
> /export compact
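# dec/25/2018 18:11:09 by RouterOS 6.43.7
# software id = CTI4-PLZQ
#
# model = 951Ui-2HnD
# serial number = 8A730860704B
#
# Office 2 router (LAN gateway 192.168.0.2). Values such as "password",
# "ipsec password" and "number" are placeholders the poster substituted for
# real secrets; they are not valid RouterOS tokens as written.
/interface bridge
add name=bridge1
# Provider uplink: PPPoE over ether1, same provider (UfaNet) as Office 1.
# add-default-route=yes makes the default route follow the PPPoE session;
# dial-on-demand=yes brings the session up only when there is traffic.
/interface pppoe-client
add add-default-route=yes dial-on-demand=yes disabled=no interface=ether1 \
    keepalive-timeout=60 name=UfaNet password=password use-peer-dns=yes user=\
    number
/interface wireless
set [ find default-name=wlan1 ] band=2ghz-b/g/n disabled=no mode=ap-bridge \
    ssid=Elektro wireless-protocol=802.11
# EoIP tunnel to Office 1 (local endpoint 10.10.10.2, remote 10.10.10.1).
# tunnel-id=0 matches the Office 1 side. ipsec-secret enables IPsec for the
# tunnel; the value shown is the poster's placeholder.
/interface eoip
add allow-fast-path=no ipsec-secret=ipsec password local-address=10.10.10.2 \
    mac-address=FE:75:69:B5:5F:74 name=EoIP1 remote-address=10.10.10.1 \
    tunnel-id=0
/interface wireless nstreme
set wlan1 enable-polling=no
# WAN/LAN interface lists are defined and populated below, but no rule in
# this export references them (there is no /ip firewall filter section).
/interface list
add name=WAN
add name=LAN
/interface wireless security-profiles
set [ find default=yes ] authentication-types=wpa-psk,wpa2-psk eap-methods="" \
    group-ciphers=tkip,aes-ccm mode=dynamic-keys supplicant-identity=MikroTik \
    unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key=password \
    wpa2-pre-shared-key=password
/ip pool
add name=dhcp ranges=192.168.0.191-192.168.0.254
# DHCP server on bridge1. Office 1 also serves DHCP on the same bridged
# segment (via EoIP1) with gateway 192.168.0.1 and pool .60-.190, so a client
# on either side can receive its lease, and hence its gateway, from either
# router.
/ip dhcp-server
add address-pool=dhcp disabled=no interface=bridge1 lease-time=3d name=dhcp1
/ppp profile
set *0 change-tcp-mss=no
set *FFFFFFFE change-tcp-mss=no
# LAN ports, wlan1 and the EoIP tunnel are bridged together, so Office 1's
# LAN shares this 192.168.0.0/24 segment.
/interface bridge port
add bridge=bridge1 interface=ether2
add bridge=bridge1 interface=ether3
add bridge=bridge1 interface=ether4
add bridge=bridge1 interface=ether5
add bridge=bridge1 interface=wlan1
add bridge=bridge1 interface=EoIP1
/interface list member
add interface=UfaNet list=WAN
add interface=bridge1 list=LAN
# NOTE(review): 192.168.0.2/24 is assigned to ether2, which is a slave port of
# bridge1 (see /interface bridge port above). An address on a bridged slave
# port is generally not usable on this RouterOS version; Office 1 puts its LAN
# address on bridge1, and the DHCP network below hands out 192.168.0.2 as the
# gateway, so this address most likely belongs on interface=bridge1 - confirm.
# 10.10.10.2/32 on the PPPoE interface is the local EoIP endpoint; whether the
# provider carries the 10.10.10.x traffic between the two sites is outside
# this export.
/ip address
add address=192.168.0.2/24 interface=ether2 network=192.168.0.0
add address=10.10.10.2 interface=UfaNet network=10.10.10.2
/ip dhcp-server network
add address=192.168.0.0/24 gateway=192.168.0.2
# Clamp MSS of every TCP SYN in postrouting to 1360 (no tcp-mss range, unlike
# Office 1, which clamps 1453+ to 1400 in the forward chain); the two sides
# are worth aligning.
/ip firewall mangle
add action=change-mss chain=postrouting new-mss=1360 passthrough=yes protocol=\
    tcp tcp-flags=syn
/ip firewall nat
add action=masquerade chain=srcnat src-address=192.168.0.0/24
# Management services: telnet/ftp/www/ssh/api/api-ssl disabled. winbox and
# www-ssl are not listed, so they keep their defaults; with no /ip firewall
# filter section in this export, confirm they are not reachable from UfaNet.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set api-ssl disabled=yes
/system clock
set time-zone-name=Asia/Yekaterinburg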
The problem is this: 1) some sites do not open; 2) after 30 minutes of operation the Internet speed starts to drop, and in the second office the router does not connect after a reboot (it receives a different IP from the provider). What could be the problem? Thanks.