IPSec lan-to-lan with PfSense and MikroTik - Not working!!!
-
Hello,
I have some trouble configuring a working IPSec connection between my PfSense and a MikroTik firewall router. I have the public static IP configured on the PfSense WAN port, and a private IP configured on the WAN of the MikroTik because it is behind a NAT.
I tried to bring up the tunnel using the configuration attached to this post, but it doesn't work.
Can someone give me (and the community) some help in order to make it work and be stable?
Thank you,
Regards
Riccardo




-
Does no one have a solution for my issue with the IPSec connection?…
-
Apparently not with the awesome "but it doesn't work." issue description… Guess why.
-
Hi,
I know that MikroTik + pfSense is working.
Is phase1 ok? –> yes, go to phase2
Is phase2 ok?

From the MikroTik forum:
When you want to make a direct IPsec tunnel between MikroTik routers you must make sure that you have an exception rule in your NAT table for traffic from the local to the remote network which says "accept" (before your general rule that says "masquerade" or "src-nat").
When you do not do that, the router will mistakenly NAT the traffic before it puts it into the tunnel, and no communication will be possible.

I used on phase 1:
Encryption algorithm AES 256
Hash algorithm SHA1
DH key group 2 (1024)
Lifetime 86400

phase2:
Protocol ESP
Encryption algorithms AES (auto)
Hash algorithms SHA1
PFS key group 2 (1024)
Lifetime 1800

With other settings I ran into trouble.
regards
max
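The settings and the NAT exception described in the reply above, written out as a MikroTik configuration. This is an added example, not part of the original posts; it assumes RouterOS 6.44 or later syntax, and the subnets, the peer address, the object names and the pre-shared key are constructed placeholders. SHA1 and DH group 2 mirror the post; both are legacy choices, and if you raise them the pfSense side must be changed to match.

```routeros
# Constructed placeholders (not from the thread):
#   192.168.88.0/24  LAN behind the MikroTik
#   192.168.1.0/24   LAN behind pfSense
#   203.0.113.10     public WAN address of pfSense

# Phase 1 as listed in the post: AES-256, SHA1, DH group 2, lifetime 86400 s.
# nat-traversal=yes because the MikroTik WAN sits behind a NAT.
/ip ipsec profile
add name=pfsense-p1 enc-algorithm=aes-256 hash-algorithm=sha1 \
    dh-group=modp1024 lifetime=1d nat-traversal=yes

/ip ipsec peer
add name=pfsense address=203.0.113.10/32 profile=pfsense-p1 \
    exchange-mode=main

/ip ipsec identity
add peer=pfsense auth-method=pre-shared-key secret="REPLACE_WITH_PSK"

# Phase 2 as listed in the post: ESP, AES, SHA1, PFS group 2, lifetime 1800 s.
# aes-256-cbc is an assumption; the post only says "AES (auto)" on pfSense.
/ip ipsec proposal
add name=pfsense-p2 auth-algorithms=sha1 enc-algorithms=aes-256-cbc \
    pfs-group=modp1024 lifetime=30m

# Traffic selector: must mirror the phase 2 networks configured on pfSense.
/ip ipsec policy
add src-address=192.168.88.0/24 dst-address=192.168.1.0/24 tunnel=yes \
    peer=pfsense proposal=pfsense-p2 action=encrypt

# NAT exception from the quoted forum advice: accept LAN-to-LAN traffic
# before the general masquerade/src-nat rule, so packets reach the IPsec
# policy with their original source address.
# place-before=0 assumes a srcnat rule already exists at position 0.
/ip firewall nat
add chain=srcnat action=accept src-address=192.168.88.0/24 \
    dst-address=192.168.1.0/24 place-before=0 \
    comment="no NAT for IPsec LAN-to-LAN"

# Check the result: the accept rule must be listed above masquerade,
# and the peer/SA state shows whether phase 1 and phase 2 came up.
/ip firewall nat print
/ip ipsec active-peers print
/ip ipsec installed-sa print
```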