Seems like ever since we upgraded to 6.39.2 we have had an issue with VPN about once a week. It is strange: it still shows our IPSEC tunnels established and connected, however they will not pass any traffic. L2TP tunnels simply won’t establish. There is nothing showing in the log files either. I have tried to go through various sections of the tunnels and disable and re-enable them to see if that helps but nothing does. Only thing that fixes it is a reboot of the Tik. Once a reboot is done everything works great for several days.
I had an endpoint that was a Cisco. Sometimes the Cisco would send a delete message and the Mikrotik would remove the active peer but leave the security associations in place. Then no traffic would happen.
Try turning on logging for IPSec to see if the remote end is trying to connect but can’t.
Yes I’m having this problem too. IPSec established but no data. I have 4 GRE over IPSec tunnels to 4 servers with the exact settings but only one tunnel works.
I have tens of GRE over IPsec tunnels on tens of routers (mainly x86 and RB850Gx2) and I haven’t had any issues with 6.39.2 or any previous versions for at least a year.
Super strange. I can’t force the problem to reproduce. When it does happen it affects all VPN tunnels and all forms of VPN tunnels. When it happens again I will tinker some more and see if I can pin something down…
I have the same issue. It has gotten to the point that I have a script on every router to kill the IPSec connections and flush the SA’s, at the same time on both ends.
Have you enabled IPsec debug logs?
Probably on a remote syslog server since IPsec tends to heavily flood the logs and it’s practically impossible to search for anything on them.
Do they show anything useful when the issue occurs?
Is this between MikroTik only or other vendors too?
Are those tunnels directly connected or behind NAT?
Everything you describe is exactly what is happening on my end however it affects my Tik to Tik tunnels, Tik to Cradlepoint Tunnels, and my generic L2TP tunnels… So basically anything IPSEC for me goes down. I too am not able to force the issue to happen and there is no consistency of when it happens…
Still nothing. As of 6.41rc16, my standard IpSec and my IKEv2 tunnels still die every 2~3 days. My only solution was power cycling the sites every night at the same time. I use DLI Web Power Switches to automatically power cycle them at 3am every day. It’s the only way I can guarantee that the VPNs will be up and running when employees start working at 6am.
I have noticed oftentimes (but not all the time) this issue surrounds L2TP connections. Like if someone connects to an L2TP tunnel but then doesn’t disconnect the tunnel before shutting down their computer. The next time they connect it will trigger this issue. Just a commonality I have noticed…
Please upgrade your router to the latest current or release candidate build, generate a supout.rif file when the issue is present on the router, and send it to support@mikrotik.com. Will try to see where the problem might be.