6.41 Site to Site IPSEC Tunnel

Hi, this is my first post. I am having a weird issues with site-to-site ipsec on the new 6.41 version of the software. I followed the example here: https://wiki.mikrotik.com/wiki/Manual:IP/IPsec#Site_to_Site_IpSec_Tunnel.

I have an RB3011 on either end of the tunnel, both on 6.41 software. The tunnel establishes no problem, but it will not pass traffic until I perform a ping from one of the routers to the other using the ping tool in winbox, but I have to specifiy the bridge as the interface for the ping. Once I do that, I can communicate with no problems for about 30 minutes or so. But then it stops working again. I would very much appreciate some advice here.

“30 minutes or so” is the default lifetime of a security association (SA). Please post the result of “/ip ipsec export verbose hide-sensitive” CLI command from both ends (and mark it as code using the icon for better readability).

Also, paste here the output of “/ip ipsec installed-sa print” from both ends before the ping (when the traffic does not pass through) and after the ping (while the traffic does pass through).

I was using site2site IPsec on 6.41 and am now using it on 6.41.1 and there’s no need to kickstart the SA establishment manually using ping.