[Mikrotik] Mikrotik to pfSense IPSEC VPN

Kurt Plaatjes kurtplaatjes at gmail.com
Wed Sep 15 02:11:59 CDT 2010


Hi Alan

I see you are masquerading vpn traffic.
Can you try and change the masquerade of all VPN traffic to an accept, on
both ends of the VPN.

As a test, something along the lines of:

At the office:
add action=accept chain=srcnat comment="bypass masquerade of vpn traffic"
disabled=no dst-address=192.168.2.0/24

At home:
add action=accept chain=srcnat comment="bypass masquerade vpn traffic"
disabled=no dst-address=192.168.0.0/24

These rules need to be above any other masquerading rules pertaining to
these interfaces/networks you have in your firewall config.

cheers,
Kurt
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.butchevans.com/pipermail/mikrotik/attachments/20100915/5fe718f2/attachment.html>


More information about the Mikrotik mailing list