I have five locations each connected with a Mikrotik 750G router. Works great ... except the static VPN IPSec tunnels between locations.
The tunnels work ... the example page in the manual was a great help. However, the tunnels go down randomly and I must log in, do a "ping <remote ip> src-address=<localip>" a few times on each box to bring up the tunnels again.
There seems to be no rhyme nor reason to when the tunnels go down, and why several pings are needed to bring up the tunnel. Many times I just get "Packet rejected" and the tunnel doesn't get built.
An example policy:

/ip ipsec policy print
0 src-address=192.168.10.0/24:any dst-address=192.168.0.0/24:any
protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes
sa-src-address=[real ip of local router wan] sa-dst-address=[real ip of remote router wan]
proposal=default priority=0

/ip ipsec peer print
0 address=[remote real ip]/32:500 auth-method=pre-shared-key secret="********>
generate-policy=no exchange-mode=aggressive send-initial-contact=yes
nat-traversal=no proposal-check=obey hash-algorithm=md5
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0
dpd-interval=disable-dpd dpd-maximum-failures=1

/ip ipsec proposal> print
0 name="default" auth-algorithms=md5 enc-algorithms=3des lifetime=1h
pfs-group=modp1024

Is this a bug or am I doing something wrong? Thanks in advance for any help!
-Andrew in Honduras
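
Added example, not part of the original post: a small Python parser for the `print` output shown above that lists the peer and proposal settings a security review would flag. The function names, the placeholder address and secret, and the choice of flagged values are assumptions of this example, not MikroTik tooling or a diagnosis of the tunnel drops.

```python
import re

# Constructed sample: settings as printed in the post; address and secret are placeholders.
SAMPLE = '''\
/ip ipsec peer print
0 address=198.51.100.2/32:500 auth-method=pre-shared-key secret="PLACEHOLDER"
generate-policy=no exchange-mode=aggressive send-initial-contact=yes
nat-traversal=no proposal-check=obey hash-algorithm=md5
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0
dpd-interval=disable-dpd dpd-maximum-failures=1
/ip ipsec proposal> print
0 name="default" auth-algorithms=md5 enc-algorithms=3des lifetime=1h
pfs-group=modp1024
'''

WEAK = {  # values a reviewer would flag, with the reason
    "md5": "MD5 is a deprecated hash",
    "3des": "3DES is a deprecated 64-bit-block cipher",
    "modp1024": "1024-bit DH group is below current recommendations",
    "aggressive": "aggressive mode with a PSK exposes a hash usable for offline guessing",
    "disable-dpd": "without DPD a dead peer is not detected and stale SAs linger",
}
PAIR = re.compile(r'([\w-]+)=("[^"]*"|\S+)')  # key=value or key="quoted value"

def parse_print(text):
    """Parse RouterOS 'print' output into {menu: [{key: value}, ...]}."""
    menus, menu, item = {}, None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("/"):              # menu path, e.g. "/ip ipsec peer print"
            menu = line.rsplit(" print", 1)[0].rstrip(">")
            menus[menu], item = [], None
        elif menu is not None and line:
            if re.match(r"\d+\s", line):      # "0 key=..." starts a new item
                menus[menu].append(item := {})
            if item is not None:              # other lines continue the current item
                item.update((k, v.strip('"')) for k, v in PAIR.findall(line))
    return menus

def audit(text):
    """Return sorted (menu, key, value, reason) findings; lists are comma-separated."""
    return sorted(
        (menu, key, part, WEAK[part])
        for menu, items in parse_print(text).items()
        for item in items
        for key, value in item.items()
        for part in value.split(",") if part in WEAK)

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```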