{"id":3436,"date":"2019-05-02T16:41:04","date_gmt":"2019-05-02T16:41:04","guid":{"rendered":"https:\/\/www.mtin.net\/blog\/?p=3436"},"modified":"2019-05-02T16:41:05","modified_gmt":"2019-05-02T16:41:05","slug":"mikrotik-passing-multiple-subnets-across-a-tunnel-with-multiple-policies","status":"publish","type":"post","link":"http:\/\/www.mtin.net\/blog\/mikrotik-passing-multiple-subnets-across-a-tunnel-with-multiple-policies\/","title":{"rendered":"Mikrotik\u00a0passing multiple subnets across a tunnel with multiple policies"},"content":{"rendered":"
Become a Patron to see this content<\/div>
To view this content, you must be a member of Justin's Patreon<\/a> at $1 <\/b> or more<\/div>
\"Unlock Unlock with Patreon<\/div><\/div><\/a><\/div>
Already a qualifying Patreon member? Refresh<\/a> to access this content.<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"

Recently we had an issue with an IPsec tunnel on Mikrotik\u00a0passing multiple subnets across a tunnel with multiple policies<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","jetpack_publicize_message":"","jetpack_is_tweetstorm":false,"jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","enabled":false}}},"categories":[857],"tags":[],"jetpack_publicize_connections":[],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p6VLMf-Tq","jetpack-related-posts":[{"id":2162,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-and-two-unique-subnets-across-an-ipsec-tunnel\/","url_meta":{"origin":3436,"position":0},"title":"Mikrotik and two unique subnets across an Ipsec Tunnel","author":"j2sw","date":"March 22, 2018","format":false,"excerpt":"Recently we had an issue with an IPsec tunnel on Mikrotik\u00a0passing multiple subnets across a tunnel with multiple policies. The problem is\u00a0Packet forwarding and encryption only works for one destination (the first matched IPSec Policy) and the other subnet, which has the second policy did not work.\u00a0 In our case,\u2026","rel":"","context":"In "Mikrotik"","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":76,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-6-16-and-6-17-released\/","url_meta":{"origin":3436,"position":1},"title":"Mikrotik 6.16 and 6.17 Released","author":"j2sw","date":"July 20, 2014","format":false,"excerpt":"From the ChangeLogs What's new in 6.17 (2014-Jul-18 15:14): *) CCR1009 - fixed crash, only affects CCR1009; What's new in 6.16 (2014-Jul-17 13:12): *) 802.11ac support added in wireless-fp package for QCA9880\/9882 rev2 (-BR4A) chips; *) ip cloud now allows to set which IP to use - detected (public) or\u2026","rel":"","context":"In "Mikrotik"","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":1333,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-routeros-3-36\/","url_meta":{"origin":3436,"position":2},"title":"Mikrotik RouterOS 3.36","author":"j2sw","date":"July 22, 2016","format":false,"excerpt":"Lots of things fixed in this release. What's new in 6.36 (2016-Jul-20 14:09): *) arm - added Dude server support; *) dude - (changes discussed here: http:\/\/forum.mikrotik.com\/viewtopic.php?f=8&t=110428); *) dude - server package is now made smaller. client side content upgrade is now removed from it and is downloaded straight from\u2026","rel":"","context":"In "Mikrotik"","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":522,"url":"http:\/\/www.mtin.net\/blog\/lots-of-changes-in-routeros-6-34\/","url_meta":{"origin":3436,"position":3},"title":"Lots of changes in RouterOS 6.34","author":"j2sw","date":"January 29, 2016","format":false,"excerpt":"Lots of changes in RouterOS 6.34 Some Standouts that will be of benefit to alot of folks I know *) mipsle - architecture support dropped (last fully supported version 6.32.x); *) btest - significantly increased TCP bandwidth test performance; *) ssh - fixed possible kernel crash; *) crs212 - fix\u2026","rel":"","context":"In "Mikrotik"","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":204,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-router-os-6-22-released\/","url_meta":{"origin":3436,"position":4},"title":"Mikrotik Router OS 6.22 Released","author":"j2sw","date":"November 13, 2014","format":false,"excerpt":"From the ChangeLog What's new in 6.22 (2014-Nov-11 14:46): *) ovpn - added support for null crypto; *) files - allow to remove empty disk folders; *) sntp - fix problems with dns name resolving failures that were triggering system watchdog timeout; *) eoip\/eoipv6\/gre\/gre6\/ipip\/ipipv6\/6to4 tunnels have new features: tunnels go\u2026","rel":"","context":"In "Mikrotik"","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":225,"url":"http:\/\/www.mtin.net\/blog\/mikrotik-router-os-6-25-released\/","url_meta":{"origin":3436,"position":5},"title":"Mikrotik Router OS 6.25 released","author":"j2sw","date":"January 19, 2015","format":false,"excerpt":"What's new in 6.25 (2015-Jan-19 10:11): *) certificates - fix SCEP RA operation and SCEP client when operating with RA; *) ppp - report authentication failure cause like in v6.6; *) ovpn server - added support for address lists; *) improved boot times; *) api - fixed missing return values\u2026","rel":"","context":"In "Mikrotik"","block_context":{"text":"Mikrotik","link":"http:\/\/www.mtin.net\/blog\/category\/mikrotik\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/3436"}],"collection":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/comments?post=3436"}],"version-history":[{"count":1,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/3436\/revisions"}],"predecessor-version":[{"id":3437,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/posts\/3436\/revisions\/3437"}],"wp:attachment":[{"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/media?parent=3436"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/categories?post=3436"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.mtin.net\/blog\/wp-json\/wp\/v2\/tags?post=3436"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}