I have set up a site-to-site IPsec connection between Linux (Debian) and a MikroTik router. The tunnel is up.
Linux configuration:
config setup
    interfaces=%defaultroute
    keep_alive=60
    plutodebug=all
    plutostderrlog=/var/log/pluto.log
    nat_traversal=yes
    protostack=netkey
    oe=off

conn sitetosite
    left=10.0.0.249 #local gateway
    leftsubnets=10.0.0.0/24
    leftid=xxx.xxx.xxx.xxx #linux external IP
    leftsourceip=10.0.0.249
    right=yyy.yyy.yyy.yyy #mikrotik external IP
    rightsubnets=10.111.11.0/24
    rightid=yyy.yyy.yyy.yyy
    pfs=yes
    type=tunnel
    forceencaps=yes
    authby=secret
    auto=start
Linux firewall rule to not masquerade between these two subnets:
# MASQUERADE is only valid in the nat table's POSTROUTING chain, so the chain name is required
iptables -t nat -A POSTROUTING -s 10.0.0.0/24 ! -d 10.111.11.0/24 -j MASQUERADE
On MikroTik I have a similar rule.
The problem is that I cannot ping 10.0.0.249 (Linux LAN gateway) from a MikroTik LAN client.
Any ideas?
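A small checker, added here as an example and not part of the original post, that evaluates a given flow against the conn's leftsubnets/rightsubnets selectors and against the MASQUERADE exclusion rule, so you can confirm on paper that the gateway address 10.0.0.249 is inside the tunnel selector and that its replies toward 10.111.11.0/24 escape NAT. The conn text and the rule are constructed copies of the post's values; the chain name POSTROUTING is assumed, and only single or comma-separated subnet lists are parsed.

```python
import ipaddress
import re

# Constructed excerpt of the poster's conn section (only the selector lines matter here).
IPSEC_CONF = """\
conn sitetosite
    leftsubnets=10.0.0.0/24
    rightsubnets=10.111.11.0/24
    type=tunnel
"""

# Constructed NAT exclusion rule; POSTROUTING is assumed, the post omits the chain name.
NAT_RULE = "iptables -t nat -A POSTROUTING -s 10.0.0.0/24 ! -d 10.111.11.0/24 -j MASQUERADE"


def parse_conn_subnets(conf):
    """Return (left, right) subnet lists from leftsubnets=/rightsubnets= lines of a conn block."""
    found = {"leftsubnets": [], "rightsubnets": []}
    for line in conf.splitlines():
        m = re.match(r"\s*(leftsubnets|rightsubnets)=(.+)", line)
        if m:
            # Assumes comma-separated networks; the post uses one per side.
            found[m.group(1)] = [ipaddress.ip_network(s.strip()) for s in m.group(2).split(",")]
    return found["leftsubnets"], found["rightsubnets"]


def nat_rule_matches(rule, src, dst):
    """Evaluate the -s / -d selectors (with optional '!' negation) of one iptables rule."""
    tokens = rule.split()
    match, i = True, 0
    while i < len(tokens):
        negate = tokens[i] == "!"
        if negate:
            i += 1
        if i + 1 < len(tokens) and tokens[i] in ("-s", "-d"):
            net = ipaddress.ip_network(tokens[i + 1])
            addr = ipaddress.ip_address(src if tokens[i] == "-s" else dst)
            if (addr in net) == negate:  # selector not satisfied
                match = False
            i += 2
        else:
            i += 1
    return match


def classify_flow(conf, rule, src, dst):
    """Is the flow covered by the tunnel selectors, and would the NAT rule masquerade it?"""
    left, right = parse_conn_subnets(conf)
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    outbound = any(s in n for n in left) and any(d in n for n in right)
    inbound = any(s in n for n in right) and any(d in n for n in left)
    return {"in_tunnel": outbound or inbound, "masqueraded": nat_rule_matches(rule, src, dst)}
```

If both directions of the ping report in_tunnel True and masqueraded False, the selectors and NAT exclusion are not the problem and the remaining suspects are the gateway's own xfrm policy for locally generated replies and the MikroTik side rules.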