[NEBULA] IPSec VPN configuration with MikroTik RouterOS

BlindOracle Posts: 1
edited April 2021 in Nebula
Hello there,
I'm new to the forum and new to the Nebula hardware, but I'm already super happy with it and the configuration via Nebula is just genius.

But my question after setting up my branch office: does anyone have experience in how to connect an NSG to a MikroTik device via IPSec site-to-site VPN?
I'd be very thankful for all the hints. I already tried to establish a connection, but just a quick try, and it didn't work out as expected, but also I didn't look into the logs on the NSG side, because I didn't see them on Nebula. :-)


Have a great weekend!

Blind

All Replies

  • Zyxel_Jason Posts: 374  Master Member
    edited May 2020
    Hi @BlindOracle ,

    Welcome to Zyxel community!

    We have received the same question from you on our ticket system and have replied to you today. ;)
    From the event logs on the NSG of your site, when filtering with category "VPN", you should be able to see the VPN connection being disconnected around every 30 seconds.
    You may see the timestamp of the log with the keywords "Tunnel [xxxxxxxxx] built successfully" and "Tunnel [xxxxxxxxx] is disconnected".
    This symptom is usually related to the connectivity check feature of VPN.

    Therefore, I recommend that you re-configure the Private subnet with a pingable IP address for connectivity check.
    You may refer to the i-note like below to see the example.


    Please also remember to double check whether you have configured the policy route on your MikroTik router when you find the traffic seems not to be going through the tunnel.
    Source IP = the subnet on MikroTik router
    Destination IP = the subnet on NSG
    Next Hop = VPN tunnel

    PS. You don't need to configure a policy route on the NSG because the NSG will create it automatically when you create a Non-Nebula VPN peer.

    Hope it helps. 
    Jason
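
The build/disconnect pattern described in the reply above can be checked mechanically on an exported VPN event log. This is an added example, not part of the thread and not Zyxel code: only the two message keywords come from the reply, while the timestamp layout, the tunnel names and the function names are assumptions, and it measures how long each session stayed up.

```python
import re
from datetime import datetime
from statistics import median

# Constructed sample lines. Only the quoted message keywords come from the
# thread; the timestamp layout and tunnel names are assumptions.
SAMPLE_LOG = """\
2021-04-10 09:00:05 VPN Tunnel [branch-mikrotik] built successfully
2021-04-10 09:00:35 VPN Tunnel [branch-mikrotik] is disconnected
2021-04-10 09:00:41 VPN Tunnel [branch-mikrotik] built successfully
2021-04-10 09:01:11 VPN Tunnel [branch-mikrotik] is disconnected
2021-04-10 09:01:18 VPN Tunnel [branch-mikrotik] built successfully
2021-04-10 09:01:47 VPN Tunnel [branch-mikrotik] is disconnected
2021-04-10 09:02:00 VPN Tunnel [hq-backup] built successfully
"""

EVENT = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}).*?"
    r"Tunnel \[(?P<name>[^\]]+)\] (?P<what>built successfully|is disconnected)"
)

def tunnel_lifetimes(log_text):
    """Return {tunnel: [seconds each session stayed up]} from build/disconnect pairs."""
    up_since, lifetimes = {}, {}
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # not a tunnel up/down event
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        name = m["name"]
        if m["what"] == "built successfully":
            up_since[name] = ts
        elif name in up_since:  # ignore a disconnect with no matching build
            lifetimes.setdefault(name, []).append((ts - up_since.pop(name)).total_seconds())
    return lifetimes

def flapping_tunnels(log_text, expected=30, tolerance=5, min_cycles=3):
    """Tunnels that repeatedly drop after roughly `expected` seconds of uptime."""
    flagged = {}
    for name, secs in tunnel_lifetimes(log_text).items():
        near = [s for s in secs if abs(s - expected) <= tolerance]
        if len(near) >= min_cycles:  # one short session alone is not a pattern
            flagged[name] = median(near)
    return flagged

if __name__ == "__main__":
    for name, life in flapping_tunnels(SAMPLE_LOG).items():
        print(f"{name}: drops after about {life:.0f}s; review the connectivity check IP")
```

A tunnel flagged here matches the symptom the reply attributes to the connectivity check; a tunnel that stays up, such as the constructed `hq-backup` entry, is not reported.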
