mikrotik send initial contact vs passive IPsec

Hi,

I'm reading the IPsec wiki of MikroTik and I've read regarding the parameters send-initial-contact and passive.

What's the difference between the 2 options?

Thanks!

Jonathan

When set to passive, the Mikrotik does not try to establish the IPSec connection; it waits for incoming connections. Use this setting when remote clients use dynamic IPs. If doing a site-to-site tunnel, then it’s ok for both sides to be set to send-initial-contact.


From the manual:
Specifies whether to send “initial contact” IKE packet or wait for remote side, this packet should trigger removal of old peer SAs for current source address. Usually in road warrior setups clients are initiators and this parameter should be set to no.
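
A toy model of the two options discussed above, added as an illustration (it is not code from the thread, the manual or RouterOS): passive decides whether a peer initiates at all, while send-initial-contact decides whether the responder drops old SAs for the initiator's address. The class, function names, addresses and SPI values are constructed; only the two option names come from the page.

```python
# Toy model, constructed for illustration; not RouterOS code.
from dataclasses import dataclass, field
from itertools import count

_spi = count(0x1000)  # constructed SPI values


@dataclass
class Peer:
    address: str
    passive: bool = False               # passive: never initiates, only responds
    send_initial_contact: bool = True   # attach "initial contact" when initiating
    sas: dict = field(default_factory=dict)  # remote address -> list of SPIs

    def connect(self, responder: "Peer") -> bool:
        """Try to bring up a tunnel to `responder`; False if nothing is sent."""
        if self.passive:
            return False  # a passive peer waits for the remote side
        spi = responder.on_negotiation(self.address, self.send_initial_contact)
        self.sas.setdefault(responder.address, []).append(spi)
        return True

    def on_negotiation(self, src: str, initial_contact: bool) -> int:
        """Responder side: install a new SA for `src` and return its SPI."""
        if initial_contact:
            # The initiator says it holds no earlier SAs, so remove
            # whatever is still installed for that source address.
            self.sas.pop(src, None)
        spi = next(_spi)
        self.sas.setdefault(src, []).append(spi)
        return spi

    def reboot(self) -> None:
        """Lose all local SA state, as after a power cycle."""
        self.sas.clear()


def responder_sas_after_client_reboot(send_initial_contact: bool) -> int:
    """Number of SAs the responder holds once the client has reconnected."""
    server = Peer("203.0.113.1", passive=True)   # waits for clients
    client = Peer("198.51.100.7", send_initial_contact=send_initial_contact)
    client.connect(server)
    client.reboot()           # the server still holds the first SA
    client.connect(server)
    return len(server.sas[client.address])


if __name__ == "__main__":
    print("with initial contact:", responder_sas_after_client_reboot(True))
    print("without initial contact:", responder_sas_after_client_reboot(False))
```
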