Hello, I have built GRE over IPsec on MikroTik routers between branches. It was working, but it failed about once every 24 hours; the connection still showed as up, and after killing the connections it reconnected and worked well. Today it failed and I can't establish the connection at all. Can anyone help me get this tunnel working without failing?
# mar/11/2019 12:36:25 by RouterOS 6.43.12
# software id = F1PB-9NTV
#
# model = RouterBOARD 3011UiAS
# serial number =
# LAN bridge and physical port setup.
/interface bridge
add name=bridge-LAN
/interface ethernet
# ether1 and ether2 are renamed to ether1-WAN1 / ether2-WAN2; the comments mark them
# as the primary and secondary uplink. Later sections refer to these new names.
set [ find default-name=ether1 ] comment="Primary AKHALIKSELEBI" name=\
ether1-WAN1 speed=100Mbps
set [ find default-name=ether2 ] comment="Secondary SILKNET" name=ether2-WAN2 \
speed=100Mbps
# The remaining copper ports only have speed=100Mbps set.
set [ find default-name=ether3 ] speed=100Mbps
set [ find default-name=ether4 ] speed=100Mbps
set [ find default-name=ether5 ] speed=100Mbps
set [ find default-name=ether6 ] speed=100Mbps
set [ find default-name=ether7 ] speed=100Mbps
set [ find default-name=ether8 ] speed=100Mbps
set [ find default-name=ether9 ] speed=100Mbps
set [ find default-name=ether10 ] speed=100Mbps
set [ find default-name=sfp1 ] advertise=\
10M-half,10M-full,100M-half,100M-full,1000M-half,1000M-full
# Static PPTP server binding with an empty user name.
/interface pptp-server
add name=pptp-in1 user=""
# GRE tunnel to the remote branch. Setting ipsec-secret makes RouterOS create the IPsec
# peer and policy for the two tunnel endpoints dynamically from this pre-shared key
# (redacted by the poster); dynamic entries do not appear in an export.
# NOTE(review): local-address 65.212.34.227 is configured on ether1-WAN1 under /ip address,
# but the static route for 85.16.247.199/32 under /ip route points at ether2-WAN2 and
# /ip firewall nat masquerades everything leaving ether2-WAN2. If tunnel and IKE packets
# really leave via WAN2 they would be source-NATed to the WAN2 address, which would not
# match what the remote peer expects - confirm against the active peers / installed SAs
# and the remote router's configuration.
/interface gre
add allow-fast-path=no ipsec-secret=******** local-address=65.212.34.227 \
name=GRE_Tunnel_RM remote-address=85.16.247.199
# Interface list "discover"; it is referenced by the neighbor discovery settings further down.
/interface list
add exclude=dynamic name=discover
/interface wireless security-profiles
set [ find default=yes ] supplicant-identity=MikroTik
# Layer-7 pattern "block", used by the first forward rule in /ip firewall filter.
# NOTE(review): the dots in the host names are unescaped, so each one matches any character.
# Layer-7 matching only sees cleartext payload at the start of a connection, so it is
# unlikely to match these sites when they are reached over HTTPS - verify that the rule
# actually gets hits.
/ip firewall layer7-protocol
add name=block regexp="^.+(facebook|ok.ru|twitter.com|linkedin.com|tumblr.com|\
vk.com|flickr.com).*\$"
# Default IPsec (phase 2) proposal: offers sha256 or sha1 for integrity and aes-256-cbc,
# aes-128-cbc or 3des for encryption, with PFS disabled and lifetime set to 0s.
# NOTE(review): the dynamic policy created by ipsec-secret on the GRE tunnel is expected
# to use this default proposal - confirm.
# NOTE(review): 3des and sha1 are legacy algorithms; drop them once both ends are known to
# negotiate aes/sha256. With pfs-group=none a rekey does not perform a fresh Diffie-Hellman
# exchange; consider enabling a PFS group on both ends.
# NOTE(review): lifetime=0s is unusual. Confirm how this RouterOS version treats a zero
# lifetime and that the remote router uses the same value; lifetime mismatches between
# peers are a common cause of tunnels that drop at regular intervals.
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 enc-algorithms=\
aes-256-cbc,aes-128-cbc,3des lifetime=0s pfs-group=none
# Address pools for PPTP clients (VPNPool), LAN DHCP (dhcp_pool1), L2TP clients and a
# pool named "Stand Router".
/ip pool
add name=VPNPool ranges=192.168.10.10-192.168.10.50
add name=dhcp_pool1 ranges=192.168.0.20-192.168.0.199
add name="L2tp Pool" ranges=192.168.20.10-192.168.20.50
add name="Stand Router" ranges=192.168.2.1-192.168.2.254
# DHCP server for the LAN bridge.
/ip dhcp-server
add address-pool=dhcp_pool1 disabled=no interface=bridge-LAN lease-time=3h \
name=dhcp1
# PPP profiles. All three use the router's LAN address 192.168.0.2 as the local end.
/ppp profile
# *0 is the built-in default profile, referenced by its internal id.
set *0 local-address=192.168.0.2 remote-address=VPNPool
# The dns-server value was redacted by the poster.
add dns-server=********************* local-address=192.168.0.2 name=\
PPTP-Profile remote-address=VPNPool
# Only this profile sets use-encryption=required; the other two show no use-encryption
# setting in the export.
# NOTE(review): wins-server=8.8.4.4 is a public DNS resolver address, not a WINS server -
# this looks like a leftover and can probably be removed.
add dns-server=8.8.8.8 local-address=192.168.0.2 name=L2tp remote-address=\
"L2tp Pool" use-encryption=required wins-server=8.8.4.4
# Default SNMP community: SHA1 authentication and an encryption password are set (both
# redacted), security=authorized, and write access is enabled.
# NOTE(review): write-access=yes lets an authenticated manager change values on the
# router; turn it off unless something really depends on SNMP writes.
# NOTE(review): security=authorized appears to require authentication only;
# security=private would also require encryption - confirm against the RouterOS manual.
# No addresses= restriction is visible in the export, and the input chain only has a
# blanket WAN drop for ether1-WAN1, so check that SNMP is not reachable from ether2-WAN2.
/snmp community
set [ find default=yes ] authentication-password=******** \
authentication-protocol=SHA1 encryption-password=******** security=\
authorized write-access=yes
# LAN bridge members, all with hardware offloading disabled (hw=no).
# ether6 is not a member; it carries its own subnet 192.168.2.1/24 under /ip address.
/interface bridge port
add bridge=bridge-LAN hw=no interface=ether3
add bridge=bridge-LAN hw=no interface=ether4
add bridge=bridge-LAN hw=no interface=ether5
add bridge=bridge-LAN hw=no interface=ether7
add bridge=bridge-LAN hw=no interface=ether8
add bridge=bridge-LAN hw=no interface=ether9
add bridge=bridge-LAN hw=no interface=ether10
# Neighbor discovery runs only on members of the "discover" list; the WAN ports are
# not in that list.
/ip neighbor discovery-settings
set discover-interface-list=discover
# L2TP server: enabled, default profile "L2tp", MS-CHAPv1/v2 authentication, an IPsec
# secret (redacted) and keepalive disabled.
# NOTE(review): mschap1 is a weak, deprecated authentication method; keep only mschap2
# unless an old client needs it.
# NOTE(review): use-ipsec is not shown in the export. If it is still at its default the
# server itself may not insist on IPsec, so L2TP sessions without IPsec could be accepted
# on the UDP port opened in the firewall - confirm.
# NOTE(review): with keepalive-timeout=disabled, dead client sessions are not detected by
# L2TP itself.
/interface l2tp-server server
set authentication=mschap1,mschap2 default-profile=L2tp enabled=yes \
ipsec-secret=******** keepalive-timeout=disabled
# Members of the "discover" list: the LAN-side ports, sfp1 and the LAN bridge.
# Neither WAN interface is listed.
/interface list member
add interface=ether3 list=discover
add interface=ether4 list=discover
add interface=ether5 list=discover
add interface=sfp1 list=discover
add interface=ether6 list=discover
add interface=ether7 list=discover
add interface=ether8 list=discover
add interface=ether9 list=discover
add interface=ether10 list=discover
add interface=bridge-LAN list=discover
# PPTP server: enabled, accepting CHAP, MS-CHAPv1 and MS-CHAPv2.
# NOTE(review): PPTP and its MS-CHAP based authentication are considered
# cryptographically weak. If remote users can move to the L2TP/IPsec service already
# configured here, disable this server and remove the PPTP accept rule from the firewall.
# PPTP carries its data in GRE, so the broad "accept GRE" input rule also serves this
# server.
/interface pptp-server server
set authentication=chap,mschap1,mschap2 enabled=yes
# Router addresses: LAN bridge, both WAN links, the ether6 subnet and the GRE tunnel.
/ip address
add address=192.168.0.2/24 interface=bridge-LAN network=192.168.0.0
add address=35.146.3.238/30 interface=ether2-WAN2 network=35.146.3.236
add address=175.74.117.41/30 interface=ether1-WAN1 network=175.74.117.40
add address=192.168.2.1/24 interface=ether6 network=192.168.2.0
# Second address on ether1-WAN1, written without a prefix length and with network= set
# to 65.212.34.254, the gateway of the first default route. This is the address the GRE
# tunnel uses as its local-address.
add address=65.212.34.227 interface=ether1-WAN1 network=65.212.34.254
# Tunnel-internal addressing for GRE_Tunnel_RM.
# NOTE(review): 172.12.12.0/30 is outside the RFC 1918 private range 172.16.0.0/12, i.e.
# it is publicly routable address space; it works inside the tunnel but shadows the real
# owner of that range. Consider renumbering to a private prefix.
add address=172.12.12.1/30 interface=GRE_Tunnel_RM network=172.12.12.0
# DHCP clients are enabled on both WAN ports even though /ip address also gives those
# ports static addresses.
# NOTE(review): the WAN1 client has add-default-route=no, the WAN2 client does not. If
# the WAN2 client obtains a lease it may install its own default route next to the static
# ones under /ip route - confirm which routes are active.
/ip dhcp-client
add add-default-route=no dhcp-options=hostname,clientid disabled=no \
interface=ether1-WAN1
add dhcp-options=hostname,clientid disabled=no interface=ether2-WAN2
# One static DHCP lease on the LAN server.
/ip dhcp-server lease
add address=192.168.0.85 client-id=\
ff:c1:24:75:89:0:2:0:0:ab:11:69:cf:44:aa:2c:76:3:7b mac-address=\
00:26:18:59:F5:31 server=dhcp1
# Options handed to DHCP clients. The 192.168.1.0/24 entry has no matching pool or
# server in this export.
/ip dhcp-server network
add address=192.168.0.0/24 dns-server=192.168.0.2,8.8.8.8,8.8.4.4 gateway=\
192.168.0.2
add address=192.168.1.0/24 dns-server=192.168.0.2,8.8.8.8,8.8.4.4 gateway=\
192.168.1.1
# Upstream resolvers used by the router itself.
# NOTE(review): clients are told to use 192.168.0.2 as DNS, but allow-remote-requests is
# not shown here; if it is at its default the router will not answer them - confirm.
/ip dns
set servers=8.8.8.8,8.8.4.4
# NOTE(review): 192.168.88.1 is not an address configured on this router; this looks
# like a leftover from the default configuration.
/ip dns static
add address=192.168.88.1 name=router.lan
# Address lists. The GRE peer 85.16.247.199 is in a list named "RM CCTV Block on WAN 1".
# NOTE(review): none of the filter or NAT rules visible in this export references
# L2TP_Allowed or "RM CCTV Block on WAN 1". The poster removed some lines, so the rules
# using them may simply be missing here; if not, the L2TP accept rules are not actually
# limited to the allowed addresses.
/ip firewall address-list
add address=95.155.135.235 list=L2TP_Allowed
add address=192.168.0.75 list=L2TP_Allowed
add address=85.16.247.199 list="RM CCTV Block on WAN 1"
# Firewall filter rules. Each chain is evaluated top to bottom and processing stops at
# the first matching rule, so the order below matters.
# NOTE(review): several ports are redacted and the poster removed lines, so this review
# only covers what is visible.
/ip firewall filter
# Forward: drop TCP from the LAN whose payload matches the "block" layer-7 pattern.
# Sitting first in the chain, it is checked before the established/related accept.
add action=drop chain=forward comment="SOC MEDIA" layer7-protocol=block \
protocol=tcp src-address=192.168.0.0/24
add action=accept chain=forward comment="accept established,related" \
connection-state=established,related
# Input: accept a TCP port (redacted) from any source on any interface.
add action=accept chain=input comment=******* dst-port=******** protocol=tcp
add action=accept chain=input comment="accept ICMP" protocol=icmp
add action=accept chain=input comment="accept established,related" \
connection-state=established,related
# Input: accept the PPTP control port (redacted) from any source.
add action=accept chain=input comment="accept PPTP" dst-port=***** protocol=\
tcp
# Input: accept GRE from any source on any interface.
# NOTE(review): this is not limited to the tunnel peer 85.16.247.199 or to packets that
# arrived inside IPsec. Adding src-address= and ipsec-policy=in,ipsec for the site-to-site
# tunnel would keep unencrypted GRE from being accepted; check the effect on the PPTP
# server, which also relies on GRE.
add action=accept chain=input comment="accept GRE" protocol=gre
# Forward: allow traffic between 192.168.0.0/24 and 192.168.2.0/24 in both directions.
add action=accept chain=forward comment="Lan Forward" dst-address=\
192.168.2.0/24 src-address=192.168.0.0/24
add action=accept chain=forward dst-address=192.168.0.0/24 src-address=\
192.168.2.0/24
# Input: L2TP/IPsec related UDP ports, one rule per WAN interface. Port 500 is IKE; the
# other ports are redacted. None of these rules restricts the source address.
add action=accept chain=input comment=L2tp dst-port=*** in-interface=\
ether1-WAN1 protocol=udp
add action=accept chain=input dst-port=*** in-interface=ether2-WAN2 \
protocol=udp
add action=accept chain=input dst-port=500 in-interface=ether1-WAN1 protocol=\
udp
add action=accept chain=input dst-port=500 in-interface=ether2-WAN2 protocol=\
udp
add action=accept chain=input dst-port=*** in-interface=ether2-WAN2 \
protocol=udp
add action=accept chain=input dst-port=*** in-interface=ether1-WAN1 \
protocol=udp
# Input: accept IPsec ESP and AH on both WAN interfaces.
add action=accept chain=input in-interface=ether1-WAN1 protocol=ipsec-esp
add action=accept chain=input in-interface=ether2-WAN2 protocol=ipsec-esp
add action=accept chain=input in-interface=ether1-WAN1 protocol=ipsec-ah
add action=accept chain=input in-interface=ether2-WAN2 protocol=ipsec-ah
add action=accept chain=input comment=\
"Accept all connections from local network" in-interface=bridge-LAN
add action=drop chain=forward comment="drop invalid" connection-state=invalid
# Input: drop everything else that arrives on ether1-WAN1.
# NOTE(review): no equivalent rule for ether2-WAN2 is visible and the input chain has no
# final catch-all drop, so new connections to the router arriving on WAN2 appear to be
# accepted by default. That would leave the enabled Winbox and SNMP services reachable
# from that uplink - confirm, and add a matching drop for ether2-WAN2 (or one final drop
# for the whole input chain).
add action=drop chain=input comment="drop all from WAN" in-interface=\
ether1-WAN1
# This drop comes after all the accepts above, so an invalid packet that matches one of
# them is accepted before it gets here.
add action=drop chain=input comment="Drop invalid packets" connection-state=\
invalid
# Forward: drop new connections from ether1-WAN1 that were not destination-NATed.
# NOTE(review): again there is no visible counterpart for ether2-WAN2.
add action=drop chain=forward comment="drop all from WAN not DSTNATed" \
connection-nat-state=!dstnat connection-state=new in-interface=\
ether1-WAN1
add action=drop chain=input comment=\
"Drop all packets which are not destined to routes IP address" \
dst-address-type=!local
# Forward: mark DNS connections (port 53 over UDP and TCP) for FastTrack.
add action=fasttrack-connection chain=forward comment="Fasttrack DNS UDP" \
dst-port=53 protocol=udp
add action=fasttrack-connection chain=forward comment="Fasttrack DNS TCP" \
dst-port=53 protocol=tcp
add action=drop chain=input comment=\
"Drop all packets which does not have unicast source IP address" \
src-address-type=!unicast
# Source NAT rules; all of them use masquerade.
/ip firewall nat
# Everything leaving either WAN interface is masqueraded to that interface's address.
# NOTE(review): srcnat also applies to packets the router itself sends. Tunnel or IKE
# traffic sourced from 65.212.34.227 that is routed out ether2-WAN2 would therefore be
# rewritten to the WAN2 address - confirm with the connection table while the tunnel is
# down.
add action=masquerade chain=srcnat out-interface=ether1-WAN1
add action=masquerade chain=srcnat out-interface=ether2-WAN2
# The next rules match on source subnet only, with no out-interface.
# NOTE(review): they therefore also apply to traffic routed into GRE_Tunnel_RM, so LAN
# hosts talking to 10.101.101.0/24 appear to the remote site as the tunnel address.
# Add out-interface= (or exclude the tunnel) if the remote site should see real LAN
# addresses.
add action=masquerade chain=srcnat src-address=192.168.0.0/24
add action=masquerade chain=srcnat src-address=192.168.2.0/24
add action=masquerade chain=srcnat src-address=172.12.12.0/30
add action=masquerade chain=srcnat src-address=192.168.10.0/24
add action=masquerade chain=srcnat out-interface=ether1-WAN1 src-address=\
175.74.117.40/30
add action=masquerade chain=srcnat src-address=192.168.20.0/24
# The row of asterisks below is the poster's redaction of further NAT rules, not
# RouterOS syntax.
*************************************************************************************
# Connection-tracking helpers for irc, h323, udplite, dccp and sctp are disabled.
# Helpers not listed here keep whatever state they had.
/ip firewall service-port
set irc disabled=yes
set h323 disabled=yes
set udplite disabled=yes
set dccp disabled=yes
set sctp disabled=yes
# Catch-all IPsec peer for L2TP/IPsec clients: passive (responder only), matches any
# remote address, pre-shared key (redacted), policies generated with port-override.
# No explicit peer for the GRE endpoint 85.16.247.199 is listed; the tunnel's
# ipsec-secret creates that peer dynamically.
# NOTE(review): a 0.0.0.0/0 pre-shared-key peer means anyone who can reach UDP 500 can
# attempt a negotiation, so the key must be long and random, and it should differ from
# the site-to-site secret.
# NOTE(review): if the branch router's packets arrive from an address other than the one
# the dynamic peer expects, they could be matched against this catch-all peer instead and
# fail on the different secret and exchange mode - confirm in the IPsec log.
# NOTE(review): no lifetime is shown, so phase 1 presumably uses the RouterOS default of
# one day. That matches the "about every 24 hours" failure in the question: enable ipsec
# logging and look at what happens at phase 1 rekey on both routers.
/ip ipsec peer
add address=0.0.0.0/0 exchange-mode=main-l2tp generate-policy=port-override \
passive=yes secret=*****
# Static routes.
/ip route
# Three default routes with gateway ping checks: two at distance 1 labelled "ISP 1"
# and one at distance 2 labelled "ISP 2".
# NOTE(review): with two distance-1 default routes it is not obvious which WAN1 gateway
# is used at a given moment - confirm which one is active.
add check-gateway=ping comment="ISP 1" distance=1 gateway=65.212.34.254
add check-gateway=ping comment="ISP 1" distance=1 gateway=175.74.117.42
add check-gateway=ping comment="ISP 2" distance=2 gateway=35.146.3.237
# Remote branch LAN via the far end of the GRE tunnel.
add distance=1 dst-address=10.101.101.0/24 gateway=172.12.12.2
# Host route for 85.16.247.199, the remote-address of GRE_Tunnel_RM, out ether2-WAN2.
# NOTE(review): this sends all traffic for the tunnel peer out WAN2, while the tunnel's
# local-address lives on ether1-WAN1. The gateway is an interface name rather than the
# WAN2 next hop 35.146.3.237, so the router has to resolve the peer directly on that
# link, which only works if the upstream answers for it. Either is a plausible reason
# for the tunnel not establishing - check whether this route is meant only for the CCTV
# traffic named in the comment, and whether the tunnel should be excluded from it.
add comment="RM CCTV" distance=1 dst-address=85.16.247.199/32 gateway=\
ether2-WAN2
# 192.168.1.0/24 is reached through 192.168.2.2 on the ether6 subnet.
add distance=1 dst-address=192.168.1.0/24 gateway=192.168.2.2
# Management services: telnet, ftp, www, ssh, api and api-ssl are disabled; Winbox stays
# enabled on a non-default port (redacted).
# NOTE(review): no address= restriction is set on winbox. Combined with the missing WAN2
# drop in the input chain, Winbox may be reachable from the internet on ether2-WAN2 -
# limit it to the management subnets with address=.
/ip service
set telnet disabled=yes
set ftp disabled=yes
set www disabled=yes
set ssh disabled=yes
set api disabled=yes
set winbox port=**********
set api-ssl disabled=yes
# PPP user accounts. "vpn" is tied to the PPTP service and PPTP-Profile; the other two
# entries set neither service nor profile.
# NOTE(review): an account without service= is presumably usable over every enabled PPP
# service, including PPTP - restrict each account to the service it needs.
# NOTE(review): the redaction on the last entry leaves one character of the password
# visible; treat that password as partly disclosed and change it.
/ppp secret
add name=vpn password=********* profile=PPTP-Profile service=pptp
add name=**** password=******
add name=**** password=8****
# SNMP agent enabled, with version 3 traps for all interfaces. Access is governed by the
# default community under /snmp community, which has write access turned on.
/snmp
set contact=Router enabled=yes location="Main Office" trap-interfaces=all \
trap-version=3
# Fixed time zone. Correct time matters when comparing IPsec log entries between the two
# routers.
/system clock
set time-zone-autodetect=no time-zone-name=Asia/Tbilisi
# Router name, redacted by the poster.
/system identity
set name=*****
I have changed and deleted several lines in the config for infosec reasons.