Hi bro!
I have a VPN tunnel in IKE2 mode.
MikroTik CCR1009 v6.40.4 as the server and a Windows 10 client!
If no packets go through the tunnel, then the MikroTik drops the ph2 dynamic policy from the ipsec policy. Time until the policy is dropped: ~2h
On the Windows built-in VPN client there is no error and the tunnel is still active, but no traffic passes from the router, because there is no policy.
The policy is created from a template:
/ip ipsec mode-config
add address-pool=rw_vpn_pool name=rw-mode-config split-include=192.168.200.0/24 comment="Split include dont work on Windows 10 client!!!"
/ip ipsec policy group add name=RoadWarrior
/ip ipsec proposal add enc-algorithms=aes-256-cbc,aes-128-cbc lifetime=7h30m name=proposal-rw pfs-group=none
/ip ipsec peer
add address=0.0.0.0/0 auth-method=eap-radius certificate=ipsec.cer_0 comment="RW setup" dh-group=modp1024 enc-algorithm=aes-256,aes-128 exchange-mode=ike2 generate-policy=\
port-strict lifetime=8h local-address=1.1.1.1 mode-config=rw-mode-config passive=yes policy-template-group=RoadWarrior send-initial-contact=no
/ip ipsec policy add comment="VPN srv->rwarrior" dst-address=10.60.0.0/24 group=RoadWarrior proposal=proposal-rw src-address=192.168.200.0/24 template=yes
I also caught the ipsec debug log in a screenshot.

