Bypass FastTrack for IPsec, Mikrotik

Mikrotik’s FastTrack function is great for improving router speed and performance, but it breaks IPsec VPN traffic, because fasttracked packets skip IPsec processing.

To bypass this, I found the following to be helpful.

Create two “mangle” rules, one for inbound and one for outbound IPsec traffic. They add a connection mark (a “tag”) named ipsec to every connection that matches an IPsec policy.

/ip firewall mangle add action=mark-connection chain=forward comment="Mark IPsec" ipsec-policy=out,ipsec new-connection-mark=ipsec
/ip firewall mangle add action=mark-connection chain=forward comment="Mark IPsec" ipsec-policy=in,ipsec new-connection-mark=ipsec

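Create a firewall filter rule that enables FastTrack for everything except IPsec, using the connection mark (“tag”) set by the mangle rules. If a FastTrack rule without this condition already exists, replace it with this one; otherwise it will keep fasttracking IPsec connections.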

/ip firewall filter add action=fasttrack-connection chain=forward comment=FastTrack connection-mark=!ipsec connection-state=established,related
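
One way to check a configuration for this setup, as an added example that is not part of the original post: the Python script below parses RouterOS firewall rules (export format or full-path commands) and reports FastTrack rules that do not exclude the ipsec connection mark, as well as missing in/out mangle rules. The function names and both sample configurations are constructed for illustration, and the check covers only the connection-mark approach shown here.

```python
import shlex

def parse_rules(config):
    """Yield (menu, properties) for every 'add' in a RouterOS export or full-path command list."""
    menu = ""
    for line in config.replace("\\\n", " ").splitlines():  # join wrapped export lines
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        words = shlex.split(line)
        if words[0].startswith("/"):  # "/ip firewall filter" or "/ip firewall filter add ..."
            cut = words.index("add") if "add" in words else len(words)
            menu, words = " ".join(words[:cut]), words[cut:]
        if words and words[0] == "add":
            yield menu, dict(w.split("=", 1) for w in words[1:] if "=" in w)

def audit(config, mark="ipsec"):
    """Return findings; an empty list means FastTrack skips connections marked `mark`."""
    rules = [(m, p) for m, p in parse_rules(config) if p.get("disabled") != "yes"]
    findings, marked = [], set()
    for menu, p in rules:
        policy = p.get("ipsec-policy", "")
        if (menu == "/ip firewall mangle" and p.get("action") == "mark-connection"
                and p.get("new-connection-mark") == mark and policy.endswith(",ipsec")):
            marked.add(policy.split(",")[0])  # "in" or "out"
    for direction in ("in", "out"):
        if direction not in marked:
            findings.append(f"no mangle rule marks ipsec-policy={direction},ipsec")
    for menu, p in rules:
        if p.get("action") == "fasttrack-connection" and p.get("connection-mark") != "!" + mark:
            findings.append(f"{menu}: FastTrack rule '{p.get('comment', '')}' does not exclude {mark}")
    return findings

# Constructed sample inputs: an unconditional FastTrack rule, then the rules from this page.
UNPATCHED = '''/ip firewall filter
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \\
    connection-state=established,related
'''
PATCHED = '''
/ip firewall mangle add action=mark-connection chain=forward comment="Mark IPsec" ipsec-policy=out,ipsec new-connection-mark=ipsec
/ip firewall mangle add action=mark-connection chain=forward comment="Mark IPsec" ipsec-policy=in,ipsec new-connection-mark=ipsec
/ip firewall filter add action=fasttrack-connection chain=forward comment=FastTrack connection-mark=!ipsec connection-state=established,related
'''

if __name__ == "__main__":
    for name, cfg in (("UNPATCHED", UNPATCHED), ("PATCHED", PATCHED)):
        print(name, audit(cfg) or "OK")
```

Connections that were fasttracked before the rules changed keep their old state until they are re-established, so run the check against the saved configuration and then confirm the tunnel with live traffic.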
