On Friday, 7 December 2012, 15.09:47, Ty Featherling wrote:
> I am glad we had this chat. ;)
>
> I always seem to find the answer either while typing the question to send
> on-list or as soon as I post it. Glad you figured it out.

Hi Ty

Yes, sometimes possible solutions show up while you describe the problem. Unfortunately the solution described does not work in my case. It looks like some mechanism in RouterOS determines 'invalid' IPSEC policies. I don't know yet what causes RouterOS to believe a policy is invalid. Fact is, when I activate the policy, routing between the two LAN interfaces works for a couple of seconds (and the normal default route traffic via IPSEC also works during the same time, proving that the policies themselves work as expected). But then the policy is flagged 'invalid' and the whole LAN-LAN routing is broken again.

I suppose a solution would be to not use a default route, but to route the whole IPv4 space as single routes and omit the routes to the networks which are connected locally. But this would mean adding a large number of IPSEC policies, which I would have to add to both sides of the IPSEC tunnel and, in addition, add each of those routes once for each of my LAN networks.

Why can't just the most specific route win, like routing is normally done?

-Benoit-
_______________________________________________
Mikrotik mailing list
[email protected]
http://www.butchevans.com/mailman/listinfo/mikrotik

Visit http://blog.butchevans.com/ for tutorials related to Mikrotik RouterOS

