Bypass FastTrack for IPsec, Mikrotik

Mikrotik’s FastTrack function is great for improving router speed and perfomance, but it messes up IPsec VPN.

To bypass this, I found the following to be helpful.

Create “mangle” rules, one for in and one for out, this adds additional “tags”

/ip firewall mangle add action=mark-connection chain=forward comment="Mark IPsec" ipsec-policy=out,ipsec new-connection-mark=ipsec
/ip firewall mangle add action=mark-connection chain=forward comment="Mark IPsec" ipsec-policy=in,ipsec new-connection-mark=ipsec

Create a firewall rule enabling fasttrack, but not for IPsec, using the created mangle “tags”

/ip firewall filter add action=fasttrack-connection chain=forward comment=FastTrack connection-mark=!ipsec connection-state=established,related

More articles

SPF, DKIM and DMARC

A little overview of : SFP (Sender Policy Framework) DKIM (Domain Keys Identified Mail) DMARC (Domain-based Message Authentication, Reporting & Conformance)

Read More »