We have a Mikrotik (hEX lite) → Mikrotik (RB750GL) IPsec site-to-site VPN set up from a branch office to our main office. Yesterday, I replaced the branch office router (with a new hEX lite) because the VPN link was acting strangely under load.
The issue we have been facing since the new installation is that the VPN link shuts down and refuses to reconnect after an internet outage. The Mikrotik is running a PPPoE client connected to a bridged modem. The only way to get the VPN link up again is to reboot the router which had its PPP link reset. Below is a log starting from an established IPsec connection, to after the PPPoE client reconnects:
We have a similar issue at our end too, with a PPPoE WAN and an L2TP/IPsec VPN.
We basically have a hEX lite (RB750r2) with L2TP/IPsec configured, that is connected to the internet via a PPPoE connection to a bridged modem.
Following a reboot of either the modem or the Mikrotik router, the PPPoE connection would not be able to connect again.
The only way we found to revive the PPPoE connection is to disable the L2TP server from the PPP section on the Mikrotik (disabling the VPN).
Any help on this matter would be greatly appreciated.
I have a similar problem to luigimallia. My internet provider has defined a PPPoE session timeout every 12h, so after the PPPoE connection is reestablished, IPsec negotiation with the remote peer never reaches the established state.
I have tested with RB951 and RB2011 on the client side, and with RB951 and Check Point at the HQ location, but the results were similar. I always got the response: `ipsec,error phase1 negotiation failed due to time up`.
When the tests were with RB on both sides, I torch-ed the WAN interfaces for traffic between the static IP addresses, and all other traffic was exchanged normally (ping, telnet, ssh) except ISAKMP [port 500]. The IPsec initiator logs that there are attempts to exchange packets with the remote peer, but on the other side there was no incoming packet from its IP on port 500.
Resetting the PPPoE session manually (pppoe-client disable/enable) was not a solution, but resetting the physical port (Ethernet1-Gateway in my case) solves the problem, and the IPsec tunnel goes to state: established. Temporarily I have a solution with a small script and the netwatch tool, monitoring an IP through the tunnel. When this monitor changes state to DOWN, the script first deactivates the PPPoE client, then disables the Ethernet port, and after a one second delay, first enables the Ethernet port again and then activates the PPPoE client. Shortly after this script is executed, the IPsec tunnel is live again.
This explains why luigimallia has the VPN link up after restarting the router. This solution takes a little longer.
Regards
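The netwatch workaround described in the post above, written out as an added example that is not part of the original thread or the poster's own script. `Ethernet1-Gateway` is the port name given in the post; the PPPoE client name `pppoe-out1`, the probe address `10.0.0.1` and the interval and timeout values are assumptions to replace with your own.

```routeros
# Added example: RouterOS netwatch entry that resets the WAN port when the
# IPsec tunnel stops passing traffic.
#
# Assumptions (not from the thread):
#   pppoe-out1  name of the PPPoE client interface
#   10.0.0.1    constructed placeholder for a host that is reachable ONLY
#               through the IPsec tunnel (for example the HQ router's LAN IP)
#   30s / 2s    probe interval and timeout
#
# Order of operations follows the post: PPPoE client off, Ethernet port off,
# wait one second, Ethernet port on, PPPoE client on.
/tool netwatch add host=10.0.0.1 interval=30s timeout=2s \
    comment="IPsec tunnel probe: reset WAN port on down" \
    down-script=":log warning \"IPsec probe down, resetting PPPoE and WAN port\"; \
    /interface pppoe-client disable [find name=pppoe-out1]; \
    /interface ethernet disable [find name=Ethernet1-Gateway]; \
    :delay 1s; \
    /interface ethernet enable [find name=Ethernet1-Gateway]; \
    /interface pppoe-client enable [find name=pppoe-out1]; \
    :log info \"WAN port reset finished, waiting for IPsec to renegotiate\""
```

Netwatch runs the down-script only when the probe changes from up to down, so a reset that fails to restore the tunnel is not retried until the probe has come up and gone down again. The probe address must not be reachable outside the tunnel, otherwise a dead tunnel never registers as down.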
I have the exact same problem: whenever PPPoE is reestablished quickly (because of some ISP drop, usually during maintenance), it requires a reboot of the router to restore the IPsec tunnels.
Has been this way for years and running all firmwares from 6.35 to current 6.44.3