IPSEC VPN Problem [message #105538]
Fri, 16 August 2013 00:22
AndrisGazda
Messages: 12 Registered: May 2013
I cannot connect from the internet to Kerio Control, which is behind a Mikrotik RB450G router, with IPSEC VPN. I've set the forwardings on the router, but still cannot connect; the preshared key is the same. As I found on the internet, IPSEC doesn't work when the VPN/authentication server is behind NAT/firewall, as in my case. The problem is that VPN access is needed from outside the network, from cell phones and tablets too, where the Kerio VPN client cannot be installed on this category of devices.

Re: IPSEC VPN Problem [message #105542 is a reply to message #105538]
Fri, 16 August 2013 05:58
mlee (Kerio)
Messages: 211 Registered: October 2012 Location: Sydney
One suggestion is to use your Mikrotik RB450G router in bridge mode and let Kerio Control have the public IP address so no mapping is needed.
M.
PTSD. BP. OCD. ASPD. BPD. Certified.

Re: IPSEC VPN Problem [message #105549 is a reply to message #105542]
Fri, 16 August 2013 08:38
AndrisGazda
Messages: 12 Registered: May 2013
Thanks, but that is not possible because failover switching between the 2 internet connections is implemented there, and also the physical firewall role. Another problem is that I cannot add more network cards to the PC that is used for virtualization of Kerio Control. I don't trust Kerio Control's failover; the last time I tested it, switching back after the primary connection was restored didn't work.
My question is, what if I set up a VPN server on the router and make a tunnel between Kerio and the RB450G? Would it be possible to access the internal network with this? Only secure access to the internal network is needed from VPN clients; there is no need for accessing the internet through the VPN.
RB450G can deal with IPSEC, PPTP, PPPoE too.

Re: IPSEC VPN Problem [message #105574 is a reply to message #105549]
Fri, 16 August 2013 15:41
silars
Messages: 285 Registered: March 2012
1. Have you tried to capture packets on the Control device to verify forwarding is occurring properly?
2. Have you considered setting up a VPN server internally to Control? I use an internal VPN server to handle PPTP (Control doesn't do PPTP) and IPsec. Android, iOS, and Windows phones/tablets support PPTP.
3. Can you post your IPsec forwarding rules on the RB450G?
[Updated on: Fri, 16 August 2013 15:52]

Re: IPSEC VPN Problem [message #105576 is a reply to message #105574]
Fri, 16 August 2013 16:01
AndrisGazda
Messages: 12 Registered: May 2013
I read on the Mikrotik forum that IPSEC does not work if the VPN server is behind a router/NAT. How can I capture the packets if the router and the virtual machine are connected directly with a cable?
Thanks a lot for the idea with the internal VPN server!!! I will try to go in this direction.

Re: IPSEC VPN Problem [message #105581 is a reply to message #105576]
Fri, 16 August 2013 17:27
silars
Messages: 285 Registered: March 2012
You do need NAT Traversal support for IPsec for that to work. If Mikrotik doesn't support NAT Traversal for IPsec, this will only work if your IPsec VPN connections are in Tunnel mode. I don't believe all of your clients will support that.
The other option is to consider PPTP. It is less secure, but port forwarding is a lot easier.

Re: IPSEC VPN Problem [message #105582 is a reply to message #105576]
Fri, 16 August 2013 17:59
AndrisGazda
Messages: 12 Registered: May 2013
IPSEC-ESP, IPSEC-AH, UDP ports 500, 1701, 4500, 5500
All the NAT/forwarding settings are the same: General tab - Chain: dst-nat, dst address: public IP (assigned by provider)
Action tab - Action: dst-nat, To address: Kerio WAN interface IP address, Port: the same as on General tab
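
Added example, not part of any post in this thread: a Python sketch for the packet-capture check suggested earlier, classifying packets that reach the VPN server by the forwarded protocols and ports listed above (ESP, AH, UDP 500 and 4500). The layout follows the ISAKMP/IKE fixed header and the UDP encapsulation rules of RFC 3948; the function names and the sample packets are constructed for illustration.

```python
import struct
from collections import Counter

NON_ESP_MARKER = b"\x00" * 4  # RFC 3948: four zero bytes precede IKE on UDP 4500

def parse_ike(data):
    """Return (major_version, exchange_type) from an ISAKMP/IKE header, else None."""
    if len(data) < 28:                      # fixed header is 28 bytes
        return None
    version, exchange = struct.unpack_from("!BB", data, 17)
    (length,) = struct.unpack_from("!I", data, 24)
    if length < 28:                         # declared length must cover the header
        return None
    return version >> 4, exchange

def classify(ip_proto, dst_port, payload):
    """Label one packet captured on the VPN server's WAN interface."""
    if ip_proto == 50:
        return "esp-native"                 # ESP without UDP encapsulation
    if ip_proto == 51:
        return "ah-native"
    if ip_proto != 17:
        return "other"
    if dst_port == 500:
        return "ike-500" if parse_ike(payload) else "malformed-500"
    if dst_port == 4500:
        if payload == b"\xff":
            return "natt-keepalive"         # one-byte NAT keepalive
        if len(payload) < 4:
            return "malformed-4500"
        if payload[:4] == NON_ESP_MARKER:
            return "ike-4500" if parse_ike(payload[4:]) else "malformed-4500"
        return "esp-in-udp"                 # first 4 bytes are a non-zero SPI
    return "other"

def summarize(packets):
    return Counter(classify(*p) for p in packets)

def sample_ike_header(version, exchange):
    """Constructed 28-byte IKE header, used only for the sample data below."""
    return struct.pack("!8s8s4BII", b"\x11" * 8, b"\x00" * 8, 1, version, exchange, 0, 0, 28)

# Constructed sample capture (not from the thread); exchange 2 = IKEv1 main mode
SAMPLE = [
    (17, 500, sample_ike_header(0x10, 2)),
    (17, 4500, NON_ESP_MARKER + sample_ike_header(0x10, 2)),
    (17, 4500, struct.pack("!II", 0xC0FFEE01, 1) + b"\x00" * 16),
    (17, 4500, b"\xff"),
]
```

In the output of `summarize`, `ike-4500` and `esp-in-udp` indicate that the peers are using NAT Traversal, while `esp-native` means ESP is arriving without UDP encapsulation.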