Hi,
my name is Alex and I'm new to RouterOS and this forum. I started to test a HeX (RB750Gr3) some weeks ago willing to replace my old router (Bintec RS353) and I'm now facing a problem I wasn't able to solve yet. I already searched intensively for a solution but never found one or even another person with the same issue.
So, long story short, here it is: I've set up a plain IPsec-Tunnel to one of my customers (= remote side) and it is working fine, as long as the Mikrotik (local side) is the initiator of that connection - traffic flows through this connection in both directions. But whenever the peer on the MT is set to "passive" and reacts as responder, no traffic reachs the opposite site. The tunnel is built up as it should (phase2/SA gets established) and even the TX and RX counters seen in "Active Peers" are counting up accordingly to the pings that are sent, but no response is ever received. I sniffed the bridge interface on the LAN side of the MT to which the host is connected and there can be seen that all the pings are received and answered, but apparently not transported to the remote side. I already checked, logged and modified the firewall if the packets get dropped to no avail - from the log everythings seems to be fine.
Test setup (see full config attached):
MT and remote router have fixed public IPs
local side:
HeX (RB750Gr3), config based on MTs factory defaults with only the necessary additions for IPsec
Host 192.168.200.13 (can be pinged from the MT itself) attached to MTs ether2 with 192.168.200.1
remote side:
router "Bintec RS353", config is working fine with the old one on my side (same model)
Host 192.168.142.10 attached to LAN behind Router 192.168.142.16
tested pings from local-side-host to remote-side-host and from remote-side-router to local-side-host
I've already tested other RouterOS Versions: 7.16.2, 7.17.2 & 7.18.2
I'm running out of ideas now and hoping for someones help in this. Thanks!
my name is Alex and I'm new to RouterOS and this forum. I started to test a HeX (RB750Gr3) some weeks ago willing to replace my old router (Bintec RS353) and I'm now facing a problem I wasn't able to solve yet. I already searched intensively for a solution but never found one or even another person with the same issue.
So, long story short, here it is: I've set up a plain IPsec-Tunnel to one of my customers (= remote side) and it is working fine, as long as the Mikrotik (local side) is the initiator of that connection - traffic flows through this connection in both directions. But whenever the peer on the MT is set to "passive" and reacts as responder, no traffic reachs the opposite site. The tunnel is built up as it should (phase2/SA gets established) and even the TX and RX counters seen in "Active Peers" are counting up accordingly to the pings that are sent, but no response is ever received. I sniffed the bridge interface on the LAN side of the MT to which the host is connected and there can be seen that all the pings are received and answered, but apparently not transported to the remote side. I already checked, logged and modified the firewall if the packets get dropped to no avail - from the log everythings seems to be fine.
Test setup (see full config attached):
MT and remote router have fixed public IPs
local side:
HeX (RB750Gr3), config based on MTs factory defaults with only the necessary additions for IPsec
Host 192.168.200.13 (can be pinged from the MT itself) attached to MTs ether2 with 192.168.200.1
remote side:
router "Bintec RS353", config is working fine with the old one on my side (same model)
Host 192.168.142.10 attached to LAN behind Router 192.168.142.16
tested pings from local-side-host to remote-side-host and from remote-side-router to local-side-host
I've already tested other RouterOS Versions: 7.16.2, 7.17.2 & 7.18.2
I'm running out of ideas now and hoping for someones help in this. Thanks!
Statistics: Posted by AlexKoehl — Fri Mar 28, 2025 5:03 pm