Hi,
I am new here but not in IT professional.
So, we have a lot of mt1100ah and we have a lot of ipsec vpn.
Sometimes I have seen vpn is establised but I can not send packet through tunnel. I would like to restart this connection but this feature is not supported just each ipsec tunnel.
I can not restart each at all error because other partners connected to us permanent TCP and if I restart each connection then it will be lost. (for eg. ATM)(we are bankcard processor)
What can I take?
br,
Peter
I written to support and they have sent answers.
They said I can not restart one ipsec tunnel now but they will put this function to a future OS version.
I am waiting it very!
Hi,
I’m having a similar problem and I have narrowed down the problem to my DSL router’s stopping to pass ESP packets to the mikrotik router behind it. As I have no control over them, I use this script to check connectivity and flush SA’s if neccesary:
:if ([/ping REMOTE_IP_REACHABLE_BY_THE_VPN_TUNNEL interval=3 count=3]<2) do={
:log warning “IPSec KO, flushing SAs”
/ip ipsec installed-sa flush sa-type=all
} else={
:log info “IPSec OK”
}
I run it every 33 seconds.
Hope it helps!
Yes, but this is the problem:
that I have written I can not flush all SA because I have a lot of ipsec VPN and all tunnel under using and if I flush all SA then all TCP opened session will be lost.
Therefore I am waiting this feature. (that I can restart one ipsec tunnel)
New problem is that if I change or add a new ipsec/vpn peer then all established vpn is disconnected until I flush all SA 