Well, I'm happy to report I found a solution. Found this little nugget on the MT forums:

http://forum.mikrotik.com/viewtopic.php?t=104810

I had to create another peer based off the dynamically created one, then change Generate Policy from "port strict" to "port override". I was able to connect after that change.

Rory McCann
MKAP Technology Solutions
Web: www.mkap.net

On 4/27/2016 3:05 PM, Rory McCann wrote:
I have an interesting scenario I'm curious if I can work through. My ISP (cable company) provides me with a /28 of IP addresses. I have them assigned to an x86 Mikrotik router (router1) that does firewalling, VPN, connection tracking, etc for our company network. It's on an older version of ROS (6.7)

One of those IPs is set aside (not assigned to an interface on router1) for a lab network I have in my office for testing things. This device is an RB750 (router2). It connects to router1 via PPPoE on a private VLAN to obtain that IP address and assign it to the "WAN" interface. For the most part, this seems to have allowed me to avoid any double or triple NAT scenarios, and I've been able to utilize it for simple VPNs (PPTP) and a 6to4 tunnel to HE. This one is running the latest version of ROS.

I've been experimenting with L2TP over IPsec and have had moderate success (especially with the ease with which you can enable IPsec on tunnels now). Everything works as expected when connections are initiated INSIDE router1's realm (i.e. not over the internet). I can establish my L2TP tunnel and the IPsec policies are created as expected.

I have found, however, that this connection does not work when coming from the internet. Digging through the log, I can see "tunnel xx received no replies, disconnecting" on the L2TP side of things and am not seeing anything obvious (to me anyway) within IPsec. I have "accept" rules in both firewall/filter and firewall/mangle to try to avoid anything being filtered. I have also been able to successfully establish an L2TP/IPsec VPN connection to router1 over the internet.

Not sure what's causing the problem here, but I'm curious if connection tracking on router1 might be the issue? I thought with the PPPoE connection assigning one of my public IPs it may avoid the issue, but maybe not? I can see the connections being tracked in router1.

Assuming everything I wrote made ANY sense whatsoever, anyone have ideas as to what I could try?


_______________________________________________
Mikrotik mailing list
Mikrotik@mail.butchevans.com
http://mail.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS
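Added example (not from Rory's post or the linked forum thread): the RouterOS 6.x CLI form of the fix described in the reply, a static IPsec peer copied from the dynamic one that L2TP's use-ipsec=yes creates, with generate-policy changed from port-strict to port-override, plus the input-filter rules and checks a practitioner would want around it. The PSK, the comments, the drop rule for unprotected L2TP and the assumption that router2's L2TP server is enabled with use-ipsec=yes are mine; the peer attributes other than generate-policy are assumed to mirror the dynamic entry and should be checked against the print output on the actual box. Syntax is the pre-6.43 single-table /ip ipsec peer form in use at the time of the thread.

```routeros
# router2 (RB750): L2TP server with IPsec enabled. Assumed to already be set
# up like this; the PSK is a placeholder.
/interface l2tp-server server
set enabled=yes use-ipsec=yes ipsec-secret="CHANGE-THIS-PSK"

# use-ipsec=yes creates a dynamic peer that cannot be edited in place.
# It is listed with generate-policy=port-strict; note its other attributes.
/ip ipsec peer print detail where dynamic

# Static peer modelled on the dynamic one, with port-override in place of
# port-strict. Attributes other than generate-policy are assumed to mirror
# the dynamic entry printed above; adjust to match it.
/ip ipsec peer
add address=0.0.0.0/0 auth-method=pre-shared-key secret="CHANGE-THIS-PSK" \
    exchange-mode=main passive=yes send-initial-contact=no \
    nat-traversal=yes generate-policy=port-override \
    comment="L2TP/IPsec clients: static copy of dynamic peer, port-override"

# Caveat: port-override installs the generated policy for any port instead of
# the ports from the client's proposal. Keep L2TP reachable only inside IPsec
# by accepting udp/1701 only when the packet matched an inbound IPsec policy.
# Rules are evaluated in order; keep the accepts above the drop.
/ip firewall filter
add chain=input protocol=udp dst-port=500,4500 action=accept \
    comment="IKE and NAT-T"
add chain=input protocol=ipsec-esp action=accept comment="ESP"
add chain=input protocol=udp dst-port=1701 ipsec-policy=in,ipsec action=accept \
    comment="L2TP only when IPsec-protected"
add chain=input protocol=udp dst-port=1701 action=drop \
    comment="plain L2TP from anywhere else"

# Checks while a client connects from the internet: phase 1 state, the
# dynamically generated policy, the installed SAs, and IPsec log lines
# (the !packet exclusion keeps per-packet noise out of the memory log).
/system logging add topics=ipsec,!packet action=memory
/ip ipsec remote-peers print
/ip ipsec policy print
/ip ipsec installed-sa print
/log print where topics~"ipsec"
```

If a client still fails after the peer change, the policy print is the place to look: with port-strict the dynamic policy carries the client's L2TP source port, which is exactly what breaks when something on the path (here router1's connection tracking sits between the client and router2) does not preserve it; with port-override the generated policy no longer depends on that port. On RouterOS 6.43 and later the peer was split into /ip ipsec peer and /ip ipsec identity, and generate-policy is set on the identity entry instead.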
