Hi all,
I have five locations each connected with a Mikrotik 750G router. Works great … except the static VPN IPSec tunnels between locations.
The tunnels work … the example page in the manual was a great help. However, the tunnels go down randomly and I must log in, do a “ping src-address=” a few times on each box to bring up the tunnels again.
There seems to be no rhyme or reason to when the tunnels go down, or why several pings are needed to bring up the tunnel. Many times I just get “Packet rejected” and the tunnel doesn’t get built.
An example policy:
/ip ipsec policy print
0 src-address=192.168.10.0/24:any dst-address=192.168.0.0/24:any
protocol=all action=encrypt level=require ipsec-protocols=esp tunnel=yes
sa-src-address=[real ip of local router wan] sa-dst-address=[real ip of remote router wan]
proposal=default priority=0
A peer definition:
/ip ipsec peer print
0 address=[remote real ip]/32:500 auth-method=pre-shared-key secret="********"
generate-policy=no exchange-mode=aggressive send-initial-contact=yes
nat-traversal=no proposal-check=obey hash-algorithm=md5
enc-algorithm=3des dh-group=modp1024 lifetime=1d lifebytes=0
dpd-interval=disable-dpd dpd-maximum-failures=1
Proposal:
/ip ipsec proposal print
0 name="default" auth-algorithms=md5 enc-algorithms=3des lifetime=1h
pfs-group=modp1024
I also have the proper rules in /ip firewall nat to exclude VPN packets from being NAT’d.
Is this a bug or am I doing something wrong? Thanks in advance for any help!
-Andrew in Honduras
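An added example, not part of Andrew's post: a RouterOS keepalive setup for a peer configured like the one above. The posted peer has dpd-interval=disable-dpd, so a dead SA is never detected by the router, and the policy only triggers IKE when traffic matching src 192.168.10.0/24 -> dst 192.168.0.0/24 arrives, which is why a ping sourced from the WAN address does nothing. The LAN gateway addresses 192.168.10.1 (local router) and 192.168.0.1 (remote router), the script and scheduler names, and the DPD timing values are assumptions for illustration; the peer item number 0 is taken from the print output in the post.

```routeros
# Added example (not from the original post). Assumed addresses:
#   local router LAN gateway 192.168.10.1, remote router LAN gateway 192.168.0.1.
# Change both to the real LAN-side addresses of the two routers.

# 1. Let the router detect a dead peer itself instead of waiting for a manual ping.
#    The posted peer has dpd-interval=disable-dpd; enable DPD on peer item 0.
#    (30s / 3 failures are assumed values; tune to taste.)
/ip ipsec peer set 0 dpd-interval=30s dpd-maximum-failures=3

# 2. Generate traffic that matches the policy on a timer, so action=encrypt
#    triggers IKE negotiation whenever no SA exists. src-address is required:
#    a ping sourced from the WAN address does not match the policy selector.
/system script add name=ipsec-keepalive-siteB \
    source="/ping 192.168.0.1 src-address=192.168.10.1 count=2"
/system scheduler add name=ipsec-keepalive-siteB interval=30s \
    on-event=ipsec-keepalive-siteB

# 3. Verify: an installed SA for the policy and an entry for the peer
#    should appear and stay listed.
/ip ipsec installed-sa print
/ip ipsec remote-peers print
```

Repeat the scheduler entry on each router, once per remote site, so every policy gets matching traffic from the LAN side. The example leaves the posted 3DES/MD5/modp1024 parameters untouched; those are legacy choices and are worth upgrading on all five routers at the same time, since a proposal mismatch on one side is itself a reason for a peer to fail negotiation.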