Hi,
I have weird IPsec VPN problems on most of our RB2011-based boards (rack-mounted or not, with WiFi or not, with LCD or without). The main issue is that after establishing the IPsec connection, everything is fine, the installed-sa contains the established tunnel on both sides, the remote-peers says it's a mature connection, etc., so everything is cool.
I set up the srcnat rule: chain=srcnat action=accept dst-address=[wherever we go].
It has worked on every RouterBOARD in the past, but on the 2011s it randomly does not work; we cannot ping through the network… even pinging with an explicit src-address parameter, or with a fixed route on the external interface, etc… No ping…
After a few hours, or so (totally random) the ping starts… And a few days later it stops… Once it works, it’s quite stable, but if for example we change subnets, and reconfigure the VPN, it starts from the beginning… No connection, sometimes it does, etc… Totally random…
If I build an L2TP tunnel above the IPsec, it works flawlessly…
Seems like a NAT issue, but the rules are fine, we’re not masquerading between the given networks.
We have the same issue at about 7 independent sites with nothing in common between them. Another 20-30 sites with other models do not produce the same behaviour.
For some routers, upgrading to the current 6.10 worked, but over time the connection stops on them as well. The issue is independent of the other side: it can be a Cisco router, an Openswan-based Linux gateway, or even another Mikrotik, it's the same…
Totally strange, and we've been suffering from it for months now. Can you please advise?
Thanks,
Peter