I have set up several VPNs between MT RB750G devices. Only one of them is giving me some difficulty.
The problem is that the tunnel works as long as you’re passing traffic from one side to the other. After a period of idle time where no traffic is being passed, the connection drops.
The only way to re-establish the VPN tunnel is to go on a network element behind each MT and send traffic to the other side (ICMP, for example). I have to do this from BOTH sides, which is really annoying. In other words, the connection does not automatically get re-established when trying to send traffic from one side to the other - it has to be sent to/from both sides at the same time.
I’ve tried experimenting with DPD (dead peer detection) values but that has no effect.
The other VPNs I have set up always have traffic going back and forth due to Nagios monitoring so I’m assuming I would probably have the same problem on these other VPN tunnels, too. The tunnel that’s having the problem is my home network - I don’t monitor anything there and only need to use the VPN when I’m at home. So when there’s no traffic, the VPN tunnel drops.
Both MT devices here are at OS version 4.11. Pasted below is one side of the tunnel. The other side is identical, but I can post that if it helps.
echo: ipsec initiate new phase 2 negotiation: 1.1.1.164[500]<=>2.2.2.235[500]
echo: ipsec 2.2.2.235 give up to get IPsec-SA due to time up to wait.
echo: ipsec IPsec-SA expired: ESP/Tunnel 2.2.2.235[0]->1.1.1.164[0] spi=231683277(0xdcf34cd)
FYI, both of these MikroTik devices are using an NTP client and the time is identical on both devices.
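The three log lines above are the standard racoon-style IPsec messages RouterOS emits when a phase 2 (IPsec-SA) negotiation is started, times out, and the old SA then expires. The following is an added example, not code from the post or from MikroTik: a small parser that reads these lines, correlates them per remote peer, checks that the decimal and hex SPI in the "expired" line agree, and reports a peer whose rekey failed and whose SA then expired. The sample log is constructed from the lines in the post; the function and class names are the example's own.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the three lines quoted in the post, as logged
# with the "echo: ipsec" prefix. Not captured from a live device.
SAMPLE_LOG = """\
echo: ipsec initiate new phase 2 negotiation: 1.1.1.164[500]<=>2.2.2.235[500]
echo: ipsec 2.2.2.235 give up to get IPsec-SA due to time up to wait.
echo: ipsec IPsec-SA expired: ESP/Tunnel 2.2.2.235[0]->1.1.1.164[0] spi=231683277(0xdcf34cd)
"""

# Patterns for the three message types seen in the post. Peer addresses are
# captured as plain strings; IKE ports appear in [brackets].
PHASE2_INIT = re.compile(
    r"initiate new phase 2 negotiation: (\S+)\[(\d+)\]<=>(\S+)\[(\d+)\]")
GIVE_UP = re.compile(r"ipsec (\S+) give up to get IPsec-SA")
SA_EXPIRED = re.compile(
    r"IPsec-SA expired: (\S+) (\S+)\[\d+\]->(\S+)\[\d+\] spi=(\d+)\((0x[0-9a-fA-F]+)\)")


@dataclass
class PeerState:
    """What we have seen for one remote IKE peer."""
    negotiations: int = 0          # phase 2 negotiations we initiated
    give_ups: int = 0              # negotiations that timed out
    expired: list = field(default_factory=list)   # (proto/mode, spi) of expired SAs
    spi_mismatch: bool = False     # decimal and hex SPI in a log line disagree


def parse_ipsec_log(text):
    """Parse RouterOS/racoon IPsec log lines into a dict keyed by remote peer."""
    peers = {}
    for line in text.splitlines():
        m = PHASE2_INIT.search(line)
        if m:
            _local, _lport, remote, _rport = m.groups()
            peers.setdefault(remote, PeerState()).negotiations += 1
            continue
        m = GIVE_UP.search(line)
        if m:
            peers.setdefault(m.group(1), PeerState()).give_ups += 1
            continue
        m = SA_EXPIRED.search(line)
        if m:
            proto, src, _dst, spi_dec, spi_hex = m.groups()
            # The expired SA is inbound from the remote peer (src -> our address),
            # so 'src' is the peer address used as the key.
            state = peers.setdefault(src, PeerState())
            spi = int(spi_dec)
            if spi != int(spi_hex, 16):
                state.spi_mismatch = True   # would indicate a garbled log line
            state.expired.append((proto, spi))
    return peers


def diagnose(peers):
    """Classify each peer; 'rekey_failed_sa_expired' matches the symptom in the post."""
    verdicts = {}
    for addr, st in peers.items():
        if st.spi_mismatch:
            verdicts[addr] = "log_corrupt"
        elif st.give_ups and st.expired:
            verdicts[addr] = "rekey_failed_sa_expired"
        elif st.give_ups:
            verdicts[addr] = "rekey_failed"
        elif st.expired:
            verdicts[addr] = "sa_expired"
        else:
            verdicts[addr] = "ok"
    return verdicts


if __name__ == "__main__":
    result = diagnose(parse_ipsec_log(SAMPLE_LOG))
    for peer, verdict in result.items():
        print(f"{peer}: {verdict}")
```

Fed the post's three lines, the parser yields one peer (2.2.2.235) with one negotiation, one give-up and one expired ESP/Tunnel SA whose SPI 231683277 equals 0xdcf34cd, so the verdict is "rekey_failed_sa_expired". Run against a longer `/log print` export, repeated verdicts of that kind for the same peer are the pattern to look for when deciding whether the tunnel is dying on rekey rather than on DPD.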