I have an IKEv2 server running on Windows Server 2019, and I have configured a MikroTik router as an IKEv2 client.
Once the connection is established, I cannot reach the MikroTik by IP address, only by MAC address. From the MikroTik I cannot ping any public IP addresses; however, the VPNs remain established and I can still reach the other end of the tunnel.
# IPsec section of a RouterOS configuration with two IKEv2 initiator (client) setups:
# "VPN" (per the post, the Windows Server 2019 endpoint) and "Surfshark-UK".
# No password= appears on the identity lines below, so no credential is exposed in this listing.

# Client-side mode-config (responder=no). Responder-supplied DNS is ignored for both entries.
# "VPN" selects traffic by source address list, "Surfshark-UK" by connection mark.
# NOTE(review): the address list "Addresses" and the mangle rule that sets the
# connection mark are not shown here - check what they match, in particular whether
# the list includes the router's own or the management subnet's addresses.
/ip ipsec mode-config
add name=VPN responder=no src-address-list=Addresses use-responder-dns=no
add connection-mark=Surfshark-UK_Destination name=Surfshark-UK responder=no use-responder-dns=no
# Policy groups that tie policy templates to identities.
# NOTE(review): the group created here is "VPN", but the identity and the policy
# template below reference "VPNPolicy". Either the listing was edited before posting
# or the names really differ - confirm they match on the router.
/ip ipsec policy group
add name=VPN
add name=Surfshark-UK
# Phase 1 (IKE SA) parameters: DH group modp2048, AES-256, SHA-256 for both peers.
/ip ipsec profile
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=VPN
add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=Surfshark-UK
# Remote endpoints, both IKEv2. "Address" looks like a placeholder for the real server address.
/ip ipsec peer
add address=Address exchange-mode=ike2 name=VPN profile=VPN
add address=lon-uk.prod.surfshark.com exchange-mode=ike2 name=Surfshark-UK profile=Surfshark-UK
# Phase 2 (child SA) proposals: SHA-256, AES-256 variants, PFS with modp2048.
# The "VPN" proposal additionally offers aes-256-ctr.
/ip ipsec proposal
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc,aes-256-ctr,aes-256-gcm name=VPN pfs-group=modp2048
add auth-algorithms=sha256 enc-algorithms=aes-256-cbc,aes-256-gcm name=Surfshark-UK pfs-group=modp2048
# Identities: EAP-MSCHAPv2 with a username, policies generated from the template group.
# NOTE(review): the certificate= value is presumably the CA certificate used to
# validate the server - confirm. The tunnel's resistance to a man-in-the-middle
# depends on that server check succeeding, since MSCHAPv2 itself is weak.
/ip ipsec identity
add auth-method=eap certificate=Lets_Encrypt_CA.crt_0 eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=VPN peer=VPN policy-template-group=VPNPolicy username=VPNClient
add auth-method=eap certificate=surfshark_ikev2.crt_0 eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=Surfshark-UK peer=Surfshark-UK policy-template-group=Surfshark-UK username=Username
# Policy templates: 0.0.0.0/0 <-> 0.0.0.0/0 places no restriction on which traffic
# selectors from the responder are accepted when the dynamic policy is generated.
# NOTE(review): if the Windows server proposes 0.0.0.0/0 on both sides, the generated
# policy would match all router traffic, including management and router-originated
# packets. That would fit the described symptoms, but it is not confirmed by this
# listing. Compare the dynamic entries in "/ip ipsec policy print" for the two peers,
# and consider narrowing the template's src-address for "VPN".
/ip ipsec policy
add dst-address=0.0.0.0/0 group=VPNPolicy proposal=VPN src-address=0.0.0.0/0 template=yes
add dst-address=0.0.0.0/0 group=Surfshark-UK proposal=Surfshark-UK src-address=0.0.0.0/0 template=yes
I have also configured the MikroTik as an IKEv2 client with Surfshark, and a pfSense IKEv2 client, but I do not have the same issue there. Any ideas?