I have the following config (based on https://wiki.mikrotik.com/wiki/IKEv2_EA ... d_RouterOS) that works great:
/ip ipsec mode-config add connection-mark=nordvpnch name=nordvpnch responder=no
/ip ipsec policy group add name=nordvpnch
/ip ipsec profile add name=nordvpnch
/ip ipsec peer add address=ch78.nordvpn.com exchange-mode=ike2 name=nordvpnch profile=nordvpnch send-initial-contact=no
/ip ipsec proposal add enc-algorithms=aes-256-cbc name=nordvpnch pfs-group=none
/ip ipsec identity add auth-method=eap certificate="" eap-methods=eap-mschapv2 generate-policy=port-strict mode-config=nordvpnch peer=nordvpnch policy-template-group=nordvpnch
/ip ipsec policy add dst-address=0.0.0.0/0 group=nordvpnch proposal=nordvpnch src-address=0.0.0.0/0 template=yes
When I add a second connection to a different server, both connections work, and work as expected (traceroute, perf, etc.); however, within minutes I get:
ipsec,info killing ike2 SA, from both (but not at the same time, they alternate about every 2 minutes).
I set the peer send-initial-contact=no; however, there is no difference in behavior.
CCR1009/6.45.6
What did I miss? Thanks.