VPN
gadzhikuliev, 2022-02-08 17:55:09

Why is the gateway not pinged from client PCs while the IPSec tunnel is running?

The gateway does not respond to ping when I route all traffic from the local network to all remote ones, i.e. to 0.0.0.0/0.

Mikrotik device with RouterOS 6.48.6. Here are the policy rules:

Flags: T - template, B - backup, X - disabled, D - dynamic, I - invalid, A - active, * - default
 #      PE TUN SRC-ADDRESS                                   DST-ADDRESS
 0 T X*        ::/0                                          ::/0
 1   A  Mo yes 10.20.50.0/24                                 0.0.0.0/0
 2   XI Mo yes 10.20.50.0/24                                 172.31.0.0/16
 3   XI Mo yes 10.20.50.0/24                                 172.29.0.0/16
 4   XI Mo yes 10.20.50.0/24                                 172.17.0.0/16
 5   XI Mo yes 10.20.50.0/24                                 10.100.20.0/24


Rules 2, 3, 4 and 5 are disabled. Only rule 1 is active; it sends all traffic to all the remote networks terminated on the central-office box, and from that same box out to the Internet. The clients' gateway is 10.20.50.1. DHCP works, the Internet works, no complaints. But the gateway itself does not respond to ping from any PC in the office, so it is impossible to connect to the Mikrotik without creating an additional internal interface on another network. There are no firewall rules restricting connections through the internal interface. The office network is allowed in IP -> Services.

What could be the problem?


1 answer(s)
korsar182, 2022-02-09
@gadzhikuliev

Add the rules:

# exempt LAN-to-LAN traffic (including traffic to the router's own 10.20.50.1) from the 0.0.0.0/0 policy; it must be first in the list
/ip ipsec policy add action=none dst-address=10.20.50.0/24 src-address=10.20.50.0/24 place-before=0
# do not source-NAT traffic that is about to be IPsec-encrypted
/ip firewall nat add action=accept chain=srcnat ipsec-policy=out,ipsec place-before=0
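An added illustration of why the first rule in the answer works (this is not part of the original question or answer, and it is a simplified model, not RouterOS code): IPsec policies are evaluated top-down, the first matching policy decides what happens to a packet, and a policy with src=A dst=B also governs the reverse direction B->A. With rule 1 alone, a packet from a PC in 10.20.50.0/24 to the gateway 10.20.50.1 matches the 0.0.0.0/0 policy, so the router expects it to arrive inside ESP and the cleartext ping is not answered. Putting an action=none policy for 10.20.50.0/24 <-> 10.20.50.0/24 in front of it exempts local traffic while everything else still goes into the tunnel. The PC address 10.20.50.10, the remote host 172.31.5.7 and the Internet host 8.8.8.8 are constructed test values; protocol and port selectors, which real policies also carry, are ignored here.

```python
"""Simplified model of RouterOS IPsec policy lookup (added example, not RouterOS code).

Assumptions: policies are checked top-down, the first match wins, disabled
policies are skipped, and a policy src=A dst=B also covers traffic B->A.
Protocol/port selectors and the template row are ignored.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Policy:
    src: str
    dst: str
    action: str          # "encrypt" (tunnel) or "none" (send in clear)
    disabled: bool = False

    def matches(self, src_ip: str, dst_ip: str) -> bool:
        if self.disabled:
            return False
        s, d = ip_address(src_ip), ip_address(dst_ip)
        forward = s in ip_network(self.src) and d in ip_network(self.dst)
        reverse = d in ip_network(self.src) and s in ip_network(self.dst)
        return forward or reverse


def lookup(policies, src_ip: str, dst_ip: str) -> str:
    """Action of the first matching policy; 'bypass' if no policy matches."""
    for policy in policies:
        if policy.matches(src_ip, dst_ip):
            return policy.action
    return "bypass"


# Policy table from the question (template row 0 omitted); rules 2-5 are disabled.
BEFORE = [
    Policy("10.20.50.0/24", "0.0.0.0/0", "encrypt"),
    Policy("10.20.50.0/24", "172.31.0.0/16", "encrypt", disabled=True),
    Policy("10.20.50.0/24", "172.29.0.0/16", "encrypt", disabled=True),
    Policy("10.20.50.0/24", "172.17.0.0/16", "encrypt", disabled=True),
    Policy("10.20.50.0/24", "10.100.20.0/24", "encrypt", disabled=True),
]

# Same table with the answer's action=none exemption inserted first (place-before=0).
AFTER = [Policy("10.20.50.0/24", "10.20.50.0/24", "none")] + BEFORE

# Constructed test addresses: an office PC, the gateway, a remote-site host, an Internet host.
PC, GATEWAY, REMOTE, INTERNET = "10.20.50.10", "10.20.50.1", "172.31.5.7", "8.8.8.8"


def classify(policies) -> dict:
    """How each flow of interest is treated under a given policy list."""
    return {
        "pc->gateway": lookup(policies, PC, GATEWAY),
        "gateway->pc": lookup(policies, GATEWAY, PC),
        "pc->remote": lookup(policies, PC, REMOTE),
        "pc->internet": lookup(policies, PC, INTERNET),
    }


if __name__ == "__main__":
    for name, policies in (("before fix", BEFORE), ("after fix", AFTER)):
        print(name, classify(policies))
```

Before the fix both directions between the PC and 10.20.50.1 fall under the encrypt policy, which is exactly the symptom in the question; after it they are exempted, while PC-to-remote and PC-to-Internet traffic still matches the 0.0.0.0/0 policy. The second rule in the answer addresses a different, related pitfall: a masquerade rule rewriting the source address before encryption would stop the traffic from matching the policy selectors at all.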
