Since early January, when running 6.37.3 or 6.38.1, I have had several issues with IPSEC, mostly L2TP Road-Warrior profiles. The issue I have been working on is simultaneous configurations for Windows 10, iPhone, Android, and Linux clients. Whilst I muddled through various permutations of configurations that may function when all 0.0.0.0<->0.0.0.0 policies and peers are enabled, I have encountered an issue, wherein the device (an RB951Ui-2HnD) completely blocks all traffic. A reset is required, and some form of manual copy and paste is required of a back-up configuration.
I do realise that this is a fairly vague report, but wanted to see if there were others that were experiencing full device failures whilst modifying IPSEC configurations.
I’ll be happy to work on steps to reproduce the conditions, but have yet to find a consistent base-case; the situation always arises when modifying IPSEC configs though.
That is what is to be expected!
This policy means “no matter what the source and destination are, traffic is to be encrypted”.
When you have no more specific policy without encryption, this will usually lock you out of the device.
When you really want to protect traffic between networks, it is much more failsafe to define a tunnel interface (IPIP, GRE, L2TP etc) with IPsec protection and then route the traffic over that tunnel using static routes or autorouting.
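
An added illustration of the lockout described in the reply above (not part of the thread and not RouterOS code): a simplified model of an ordered IPsec policy list in which the first matching selector decides the packet's fate. The addresses are constructed, and the names `Policy`, `decide` and `outcomes` are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Policy:
    src: str     # source selector (CIDR)
    dst: str     # destination selector (CIDR)
    action: str  # "encrypt" (IPsec required) or "none" (bypass IPsec)


def decide(policies, src, dst, has_sa=False):
    """Return 'plain', 'encrypted' or 'dropped' for a single packet.

    Assumption: policies are evaluated in order and the first match wins.
    A packet that matches an encrypt policy but has no established
    security association (SA) cannot be sent in the clear, so it is dropped.
    """
    s, d = ip_address(src), ip_address(dst)
    for p in policies:
        if s in ip_network(p.src) and d in ip_network(p.dst):
            if p.action == "none":
                return "plain"
            return "encrypted" if has_sa else "dropped"
    return "plain"  # no policy matched, IPsec leaves the packet alone


# Constructed sample policies and addresses.
CATCH_ALL = Policy("0.0.0.0/0", "0.0.0.0/0", "encrypt")
LAN_BYPASS = Policy("192.168.88.0/24", "192.168.88.0/24", "none")


def outcomes(policies):
    """Fate of an admin session from the LAN and of a VPN client with an SA."""
    return {
        "admin_to_router": decide(policies, "192.168.88.10", "192.168.88.1"),
        "router_to_admin": decide(policies, "192.168.88.1", "192.168.88.10"),
        "vpn_client": decide(policies, "203.0.113.7", "192.168.88.1", has_sa=True),
    }


if __name__ == "__main__":
    print("catch-all only:     ", outcomes([CATCH_ALL]))
    print("bypass + catch-all: ", outcomes([LAN_BYPASS, CATCH_ALL]))
```

With only the catch-all policy, management traffic in both directions is dropped because no SA exists for it; a more specific bypass entry ahead of the catch-all keeps that traffic in the clear while the VPN client is still encrypted.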
Because the router fully rebooting back to factory default when you change the hashing algorithm on an IPSEC configuration seems to be a pretty unintended behaviour.
Sorry but your report is misleading. And at best it is very incomplete.
Post your config file or get in contact with support sending a supout.rif file.