I have a VPN server on MikroTik, IKEv2 protocol, with authorization via NPAS in a Windows domain. The problem occurs when the RADIUS server requests a password change from the client. The user does not have time to enter the old and new password; at this point the IKEv2 session breaks. In the MikroTik log I see the entry “child negotiation timeout in state 2”. How can this be fixed?
Doesn’t anyone use MikroTik in a production environment as a VPN server with Windows domain authorization? If so, how is the issue with periodic password changes solved?
And another thing - is it possible that the session is broken by the Windows client? And if so, how can I correct this behavior?