{"id":2162,"date":"2018-03-22T17:31:06","date_gmt":"2018-03-22T17:31:06","guid":{"rendered":"http:\/\/www.mtin.net\/blog\/?p=2162"},"modified":"2018-03-22T17:31:06","modified_gmt":"2018-03-22T17:31:06","slug":"mikrotik-and-two-unique-subnets-across-an-ipsec-tunnel","status":"publish","type":"post","link":"http:\/\/www.mtin.net\/blog\/mikrotik-and-two-unique-subnets-across-an-ipsec-tunnel\/","title":{"rendered":"Mikrotik and two unique subnets across an IPsec Tunnel"},"content":{"rendered":"<p>Recently we had an issue with an IPsec tunnel on Mikrotik passing multiple subnets across a tunnel with multiple policies. The problem is that packet forwarding and encryption only work for one destination (the first matched IPsec policy), and the other subnet, which has the second policy, did not work. In our case, we had two subnets, 192.168.115.0\/24 and 192.168.116.0\/24, going across the tunnel. We could reach things on 116, but not 115. The following blog post was the fix for our issue.<\/p>\n<h2><a href=\"https:\/\/blog.bravi.org\/?p=1209\">Mikrotik IPSec VPNs with multiple destination Networks\/Policies and SA(s) management.<\/a><\/h2>\n<p>Once the level was set to &#8220;unique&#8221;, everything was good.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Recently we had an issue with an IPsec tunnel on Mikrotik\u00a0passing multiple subnets across a tunnel with multiple policies. 
The problem is that packet forwarding and encryption only work for one destination (the first matched IPsec policy), and the other subnet, which has the second policy, did not work. In our case, we had two subnets 192.168.115.0\/24 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":2163,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[24],"tags":[457,548,25,549],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.mtin.net\/blog\/wp-content\/uploads\/2018\/03\/download.jpg?fit=309%2C163","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-yS","jetpack-related-posts":[{"id":3436,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-passing-multiple-subnets-across-a-tunnel-with-multiple-policies\/","url_meta":{"origin":2162,"position":0},"title":"Mikrotik\u00a0passing multiple subnets across a tunnel with multiple policies","author":"j2sw","date":"May 2, 2019","format":false,"excerpt":"Recently we had an issue with an IPsec tunnel on Mikrotik\u00a0passing multiple subnets across a tunnel with multiple policies","rel":"","context":"In &quot;MTIN&quot;","block_context":{"text":"MTIN","link":"http:\/\/www.mtin.net\/blog\/category\/mtin\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":76,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-6-16-and-6-17-released\/","url_meta":{"origin":2162,"position":1},"title":"Mikrotik 6.16 and 6.17 Released","author":"j2sw","date":"July 20, 2014","format":false,"excerpt":"From the ChangeLogs What's new in 6.17 (2014-Jul-18 15:14): *) CCR1009 - fixed 
crash, only affects CCR1009; What's new in 6.16 (2014-Jul-17 13:12): *) 802.11ac support added in wireless-fp package for QCA9880\/9882 rev2 (-BR4A) chips; *) ip cloud now allows to set which IP to use - detected (public) or\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1333,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-routeros-3-36\/","url_meta":{"origin":2162,"position":2},"title":"Mikrotik RouterOS 3.36","author":"j2sw","date":"July 22, 2016","format":false,"excerpt":"Lots of things fixed in this release. What's new in 6.36 (2016-Jul-20 14:09): *) arm - added Dude server support; *) dude - (changes discussed here: http:\/\/forum.mikrotik.com\/viewtopic.php?f=8&t=110428); *) dude - server package is now made smaller. client side content upgrade is now removed from it and is downloaded straight from\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":225,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-router-os-6-25-released\/","url_meta":{"origin":2162,"position":3},"title":"Mikrotik Router OS 6.25 released","author":"j2sw","date":"January 19, 2015","format":false,"excerpt":"What's new in 6.25 (2015-Jan-19 10:11): *) certificates - fix SCEP RA operation and SCEP client when operating with RA; *) ppp - report authentication failure cause like in v6.6; *) ovpn server - added support for address lists; *) improved boot times; *) api - fixed missing return values\u2026","rel":"","context":"In 
&quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":522,"url":"http:\/\/www.mtin.net\/blog\/lots-of-changes-in-routeros-6-34\/","url_meta":{"origin":2162,"position":4},"title":"Lots of changes in RouterOS 6.34","author":"j2sw","date":"January 29, 2016","format":false,"excerpt":"Lots of changes in RouterOS 6.34 Some Standouts that will be of benefit to alot of folks I know *) mipsle - architecture support dropped (last fully supported version 6.32.x); *) btest - significantly increased TCP bandwidth test performance; *) ssh - fixed possible kernel crash; *) crs212 - fix\u2026","rel":"","context":"In &quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":204,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-router-os-6-22-released\/","url_meta":{"origin":2162,"position":5},"title":"Mikrotik Router OS 6.22 Released","author":"j2sw","date":"November 13, 2014","format":false,"excerpt":"From the ChangeLog What's new in 6.22 (2014-Nov-11 14:46): *) ovpn - added support for null crypto; *) files - allow to remove empty disk folders; *) sntp - fix problems with dns name resolving failures that were triggering system watchdog timeout; *) eoip\/eoipv6\/gre\/gre6\/ipip\/ipipv6\/6to4 tunnels have new features: tunnels go\u2026","rel":"","context":"In 
&quot;Mikrotik&quot;","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2162"}],"collection":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=2162"}],"version-history":[{"count":1,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2162\/revisions"}],"predecessor-version":[{"id":2164,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/2162\/revisions\/2164"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media\/2163"}],"wp:attachment":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media?parent=2162"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=2162"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=2162"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}