Yet another issue with IKEv2 I'm just facing.
EAP-TLS authentication was working previously but now it fails with in Mikrotik logs.

Thats odd - I've got pfs set in phase 2 and the IKEv2 tunnel establishes correctly: Yes, they establish correctly. But do they rekey without issue? Have a look at your log... Started SUP-37534. First issue - "IPsec-SA expired before finishing rekey" caused by wrong proposal coming from th...

I see the following error in the log (every 30 min): IPsec-SA expired before finishing rekey Haven't seen this issue in the current LTS and the 6.47.x releases. Found this answer in the topic, hope it helps: https://forum.mikrotik.com/viewtopic.php?f=2&t=159536&p=783686&hilit=IPsec+SA+e...