Hi,
I'm a newbie and I have a question; maybe somebody can help me…
So recently I bought a small box (hAP ac lite); the current OS version is the latest stable, 6.34.2, and I use it as a DHCP server, WiFi access point and VPN endpoint.
I have built a S2S VPN with a third-party device. Basically the tunnel is up and working properly, but sometimes it breaks (usually when the phase 1 timeout has expired; the timeout is 28800s anyway)..
Unfortunately I have to use my internet service provider's box (Sagemcom) because of the coaxial cable and IPTV service, and I have to enable IPsec passthrough on it. So I route all traffic to the ISP box (from the local bridge); this is my default gateway, and I don't use the MikroTik WAN interface.
The tunnel works correctly and comes up immediately when I enable the peer (under IPsec peers), but it seems to me that when the phase 1 timeout expires the key exchange does not happen (maybe?).
I get the error message "phase1 negotiation failed due to time up myIP[500] <=> remotepeerIP[500]" for 1-2 hours, and then suddenly it starts working correctly again without any interaction from my side (I saw this time period in the log). The internet connection is certainly working correctly…
I have tried these options/combinations:
turning on IPsec peer NAT Traversal
forwarding UDP ports 500 and 4500 to my IP
adding my IP to the ISP router's DMZ
without any success…
When I restart the ISP box it starts working, but as far as I remember, when I disable the peer under IPsec peers and enable it again, the tunnel also begins to work…
Could you please advise any tricks on how to start troubleshooting? What should I change in my config?
any help would be appreciated
Thanks
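One way to start the troubleshooting the post asks about is to pull the IPsec log entries and measure the outage windows against the 28800s phase 1 lifetime, which tells you whether the failures line up with rekeying or with something else (the ISP box dropping its NAT/passthrough state, for instance). The script below is an added example written for this reply, not code from the original poster or from MikroTik. It assumes log lines in the "mon/dd hh:mm:ss topics message" layout of /log print output, that "phase1 negotiation failed due to time up" marks a failed attempt, and that "ISAKMP-SA established" marks recovery; the sample log lines and the 192.0.2.x / 198.51.100.x addresses are constructed for the example.

```python
"""Find IPsec phase-1 outage windows in RouterOS-style log output.

Added troubleshooting example, not part of the original forum post.
Assumed layout: "mon/dd hh:mm:ss topics message" (like /log print), with
FAIL_MARK marking a failed phase 1 attempt and OK_MARK marking recovery.
"""
import re
from datetime import datetime

# Constructed sample: SA established at 08:00, failures start ~8h later
# (the 28800s lifetime), recovery after ~1.5h, then a second open outage.
SAMPLE_LOG = """\
jan/10 08:00:01 ipsec,info ISAKMP-SA established 192.0.2.10[500]-198.51.100.20[500] spi:1a2b3c
jan/10 12:30:00 system,info system identity changed by admin
jan/10 16:00:05 ipsec,error phase1 negotiation failed due to time up 192.0.2.10[500]<=>198.51.100.20[500]
jan/10 16:10:05 ipsec,error phase1 negotiation failed due to time up 192.0.2.10[500]<=>198.51.100.20[500]
jan/10 17:35:42 ipsec,info ISAKMP-SA established 192.0.2.10[500]-198.51.100.20[500] spi:4d5e6f
jan/11 01:36:10 ipsec,error phase1 negotiation failed due to time up 192.0.2.10[500]<=>198.51.100.20[500]
"""

MONTHS = {m: i for i, m in enumerate(
    ["jan", "feb", "mar", "apr", "may", "jun",
     "jul", "aug", "sep", "oct", "nov", "dec"], start=1)}

LINE_RE = re.compile(
    r"^(?P<mon>[a-zA-Z]{3})/(?P<day>\d{1,2}) (?P<time>\d\d:\d\d:\d\d) "
    r"(?P<topics>\S+) (?P<msg>.*)$")
FAIL_MARK = "phase1 negotiation failed due to time up"
OK_MARK = "ISAKMP-SA established"


def parse_line(line, year):
    """Return (timestamp, topics, message) or None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    hh, mm, ss = (int(x) for x in m["time"].split(":"))
    ts = datetime(year, MONTHS[m["mon"].lower()], int(m["day"]), hh, mm, ss)
    return ts, m["topics"], m["msg"]


def find_outages(lines, year=2024):
    """Group consecutive phase 1 failures into outage windows.

    Each outage records when failures started, when the SA was next
    established (None if still down), how many attempts failed, and how
    long after the previous successful SA the first failure appeared.
    """
    outages, last_ok, current = [], None, None
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue
        ts, topics, msg = parsed
        if not topics.startswith("ipsec"):
            continue  # ignore unrelated topics mixed into the log
        if FAIL_MARK in msg:
            if current is None:
                gap = (ts - last_ok).total_seconds() if last_ok else None
                current = {"start": ts, "end": None, "failures": 0,
                           "since_last_ok_s": gap}
            current["failures"] += 1
        elif OK_MARK in msg:
            if current is not None:
                current["end"] = ts
                outages.append(current)
                current = None
            last_ok = ts
    if current is not None:  # log ended while the tunnel was still down
        outages.append(current)
    return outages


def duration_s(outage):
    """Outage length in seconds, or None if it had not recovered."""
    if outage["end"] is None:
        return None
    return (outage["end"] - outage["start"]).total_seconds()


def near_lifetime_expiry(outage, lifetime_s=28800, tolerance_s=300):
    """True if failures began within tolerance of the phase 1 lifetime."""
    gap = outage["since_last_ok_s"]
    return gap is not None and abs(gap - lifetime_s) <= tolerance_s


if __name__ == "__main__":
    for o in find_outages(SAMPLE_LOG.splitlines()):
        print(f"down since {o['start']}, recovered {o['end']}, "
              f"{o['failures']} failed attempts, lasted {duration_s(o)}s, "
              f"rekey-related: {near_lifetime_expiry(o)}")
```

Run it against the real log (for example the output of /log print where topics~"ipsec") with the correct year. If every outage reports rekey-related as True, the problem follows the 28800s rekey and the next step is to look at what the ISP box does to the UDP 500/4500 mapping at that moment; if the gaps are random, the lifetime is not the trigger.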