How to close IPSec automatically

Hi! :smiley:

I’m a beginner in Mikrotik products and IPSec VPN connections.

I’m in this situation: I have to build a VPN between two routers (a Mikrotik (my router) and another router whose specs I don’t know (my client’s router)).
The VPN is installed and works well, but my problem is this: if my client breaks the IPSec connection on its router, on my Mikrotik the connection remains open anyway (I see it in “remote peer”), and the old IDs are kept in memory until the end of the lifetime. If it re-opens the VPN before the end of the lifetime, the VPN doesn’t work because it uses the old ID to bring it back up. So I have to kill the connection on the Mikrotik (in “remote peer”), and then the routers exchange the correct IDs and the VPN is back.
How can the routers communicate when one of them closes the connection?

Thanks for your help!

Have a nice day!

It happens if the remote peer does not close the connection properly. Set up DPD and reduce the timeout.
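As an added illustration of that advice (not a command from anyone in this thread), here is what "set up DPD and reduce the timeout" looks like in RouterOS v6 syntax. The peer number 0 and the timing values are assumptions; pick the peer shown by print and tune the interval to what your link tolerates.

```routeros
# Added example, RouterOS v6 syntax. In RouterOS v7 the two DPD properties
# live under /ip ipsec profile instead of /ip ipsec peer.
# Peer number 0 is an assumption: it is whatever "/ip ipsec peer print" lists first.

# Weak setting: DPD disabled. If the client drops the tunnel without sending
# an IKE delete, the stale SA and its IDs stay until the lifetime expires.
/ip ipsec peer set 0 dpd-interval=disable-dpd

# Corrected setting: probe the peer every 10 seconds and declare it dead after
# 3 missed replies, so the stale state is torn down within roughly 30 seconds
# and the client's next IKE negotiation starts from a clean slate.
/ip ipsec peer set 0 dpd-interval=10s dpd-maximum-failures=3

# Confirm the values that are now in effect
/ip ipsec peer print detail
```

DPD only fires when the remote IKE daemon stops answering probes, so it covers the "client breaks the connection" case from the question; a client that is still up but has mismatching IDs needs the manual kill described later in the thread.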

If you know the IP addresses of both ends of the VPN tunnel, then you should ping the opposite end from each router.
When the ping does not return, consider the VPN to be down, so it should be restarted with
/ip ipsec installed-sa flush
or/and
/ip ipsec remote-peers kill-connections

See script for monitoring target IP
http://forum.mikrotik.com/t/logging-of-a-lost-connection/87840/2

This script should be scheduled to run every ?? minutes… you need to choose the correct value depending on your needs.

You could check “the other end” with Netwatch and clear the IPsec peer as above, but Netwatch is IMHO too dumb to decide when the VPN is down. One dropped/timed-out packet starts the restart procedure.
In my script you can tailor the dropped-to-all-packets threshold and this way choose when the VPN is considered to be down.
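The procedure described in this reply (ping the far end, treat a loss above a threshold as "VPN down", then flush the SAs and kill the peer connection) as an added example script in RouterOS v6 scripting syntax. It is not the linked forum script, and the remote address, probe count and loss threshold are constructed values.

```routeros
# Added example (RouterOS v6 syntax), not the script linked in this thread.
# Save it under /system script and run it from /system scheduler.
# Assumed values: the far end's tunnel-reachable IP and the loss threshold.
:local remoteIp "192.0.2.10"
:local pingCount 5
:local maxLost 3

# /ping returns the number of replies received out of pingCount probes.
# Add src-address= if the router's default source would not match the IPsec policy.
:local replies [/ping address=$remoteIp count=$pingCount interval=1s]
:local lost ($pingCount - $replies)

# Only a loss at or above the threshold counts as "VPN down"; a single lost
# probe is tolerated, which is the point this reply makes against Netwatch.
:if ($lost >= $maxLost) do={
    :log warning ("ipsec-watchdog: " . $lost . "/" . $pingCount . " probes to " . $remoteIp . " lost, resetting IPsec")
    /ip ipsec installed-sa flush
    /ip ipsec remote-peers kill-connections
} else={
    :log info ("ipsec-watchdog: tunnel to " . $remoteIp . " OK, " . $lost . " of " . $pingCount . " lost")
}
```

Schedule it with something like `/system scheduler add name=ipsec-watchdog interval=5m on-event=ipsec-watchdog` after adding the script under the same name; the interval plays the role of the "?? minutes" above. Keep the interval longer than pingCount times the ping interval so two runs never overlap, and remember that the reset is destructive (all SAs are flushed, not only the one for this peer), so on a router with several tunnels the threshold deserves a conservative value.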