Community discussions

MikroTik App
 
dipsy
just joined
Topic Author
Posts: 7
Joined: Mon Dec 19, 2016 11:55 pm

ipsec unstable

Tue Dec 20, 2016 12:40 am

Today I spent many hours for this problem.
My ipsec is very unstable.

I have central mikrotik 192.168.40.1 (static ip)
and two sites 192.168.1.0/24 (static ip) and 102.168.30.0/24 (dynamic ip)
192.168.30.0/24 works perfectly
But 192.168.1.0 isn't.
I get ipsec disconnects after it successfully established and gets SAs.

Mikrotik 1 6.73.3 stable

/ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.1.73/24 192.168.1.0 bridge
1 192.168.2.254/24 192.168.2.0 ether1

/ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - inactive, * - default
0 TX* group=default src-address=::/0 dst-address=::/0 protocol=all
proposal=default template=yes

1 src-address=192.168.1.0/24 src-port=any dst-address=192.168.40.0/24
dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=192.168.2.254
sa-dst-address=80.xxx.115.108 proposal=default priority=0

/ip ipsec peer print
Flags: X - disabled, D - dynamic
0 address=80.xxx.115.108/32 local-address=0.0.0.0 passive=no port=500
auth-method=pre-shared-key secret="xxxxxx" generate-policy=no
policy-template-group=default exchange-mode=main-l2tp
send-initial-contact=yes nat-traversal=yes hash-algorithm=sha1
enc-algorithm=aes-128,3des dh-group=modp1024 lifetime=1d
dpd-interval=disable-dpd dpd-maximum-failures=1

/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=accept dst-address=192.168.40.0/24 log=no

1 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1

/ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.2.73 1
1 ADC 192.168.1.0/24 192.168.1.73 bridge 0
2 ADC 192.168.2.0/24 192.168.2.254 ether1 0

0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough

1 ;;; p2p
chain=forward action=drop p2p=all-p2p log=no

2 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp

3 chain=input action=accept protocol=ipsec-esp log=no

4 chain=input action=accept protocol=udp dst-port=500,4500,1701
log=no

5 ;;; defconf: accept established,related
chain=input action=accept connection-state=established,related

6 ;;; defconf: accept established,related
chain=forward action=accept
connection-state=established,related

7 ;;; defconf: drop all from WAN
chain=input action=drop in-interface=ether1

8 ;;; defconf: fasttrack
chain=forward action=fasttrack-connection
connection-state=established,related

9 ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid

10 ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface=ether1

dec/20 01:20:34 ipsec,debug initiate new phase 1 negotiation: 192.168.2.254[500]<=>80.xxx.115.108[500]
dec/20 01:20:34 ipsec,debug begin Identity Protection mode.
dec/20 01:20:34 ipsec,debug sent phase1 packet 192.168.2.254[500]<=>80.xxx.115.108[500] efb5b13b3a9c152a:0000000000000000
dec/20 01:20:43 ipsec,debug new acquire 192.168.2.254[0]<=>80.xxx.115.108[0]
dec/20 01:20:43 ipsec,debug suitable outbound SP found: 192.168.1.0/24[0] 192.168.40.0/24[0] proto=any dir=out
dec/20 01:20:43 ipsec,debug suitable inbound SP found: 192.168.40.0/24[0] 192.168.1.0/24[0] proto=any dir=in
dec/20 01:20:43 ipsec,debug 80.xxx.115.108 request for establishing IPsec-SA was queued due to no phase1 found.
dec/20 01:20:44 ipsec,debug resent phase1 packet 192.168.2.254[500]<=>80.xxx.115.108[500] efb5b13b3a9c152a:0000000000000000
dec/20 01:20:44 ipsec,debug received Vendor ID: RFC 3947
dec/20 01:20:44 ipsec,debug received Vendor ID: CISCO-UNITY
dec/20 01:20:44 ipsec,debug received Vendor ID: DPD
dec/20 01:20:44 ipsec,debug 80.xxx.115.108 Selected NAT-T version: RFC 3947
dec/20 01:20:44 ipsec,debug 80.xxx.115.108 Hashing 80.xxx.115.108[500] with algo #2
dec/20 01:20:44 ipsec,debug 192.168.2.254 Hashing 192.168.2.254[500] with algo #2
dec/20 01:20:44 ipsec,debug Adding remote and local NAT-D payloads.
dec/20 01:20:44 ipsec,debug sent phase1 packet 192.168.2.254[500]<=>80.xxx.115.108[500] efb5b13b3a9c152a:5a32b3c476d9ac3d
dec/20 01:20:44 ipsec,debug 192.168.2.254 Hashing 192.168.2.254[500] with algo #2
dec/20 01:20:44 ipsec,debug NAT-D payload #0 doesn't match
dec/20 01:20:44 ipsec,debug 80.xxx.115.108 Hashing 80.xxx.115.108[500] with algo #2
dec/20 01:20:44 ipsec,debug NAT-D payload #1 doesn't match
dec/20 01:20:44 ipsec,debug NAT detected: ME PEER
dec/20 01:20:44 ipsec,debug KA list add: 192.168.2.254[4500]->80.xxx.115.108[4500]
dec/20 01:20:44 ipsec,debug sent phase1 packet 192.168.2.254[4500]<=>80.xxx.115.108[4500] efb5b13b3a9c152a:5a32b3c476d9ac3d
dec/20 01:20:44 ipsec,debug ISAKMP-SA established 192.168.2.254[4500]-80.xxx.115.108[4500] spi:efb5b13b3a9c152a:5a32b3c476d9ac3d
dec/20 01:20:45 ipsec,debug initiate new phase 2 negotiation: 192.168.2.254[4500]<=>80.xxx.115.108[4500]
dec/20 01:20:45 ipsec,debug pfkey GETSPI succeeded: ESP/Tunnel 80.xxx.115.108[4500]->192.168.2.254[4500] spi=208801044(0xc720d14)
dec/20 01:20:45 ipsec,debug NAT detected -> UDP encapsulation (ENC_MODE 1->3).
dec/20 01:20:45 ipsec,debug sent phase2 packet 192.168.2.254[4500]<=>80.xxx.115.108[4500] efb5b13b3a9c152a:5a32b3c476d9ac3d:fb383998
dec/20 01:20:45 ipsec,debug Adjusting my encmode UDP-Tunnel->Tunnel
dec/20 01:20:45 ipsec,debug Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)
dec/20 01:20:45 ipsec IPsec-SA established: ESP/Tunnel 80.xxx.115.108[4500]->192.168.2.254[4500] spi=208801044(0xc720d14)
dec/20 01:20:45 ipsec IPsec-SA established: ESP/Tunnel 192.168.2.254[4500]->80.xxx.115.108[4500] spi=662371(0xa1b63)
dec/20 01:21:15 ipsec,debug 80.xxx.115.108 DPD: remote (ISAKMP-SA 192.168.2.254[4500]<=>80.xxx.115.108[4500] spi=efb5b13b3a9c152a:5a32b3c476d9ac3d) seems to be dead.
dec/20 01:21:15 ipsec,debug purging ISAKMP-SA 192.168.2.254[4500]<=>80.xxx.115.108[4500] spi=efb5b13b3a9c152a:5a32b3c476d9ac3d.

dec/20 01:21:15 ipsec purged IPsec-SA spi=662371.
dec/20 01:21:15 ipsec purged IPsec-SA spi=208801044.
dec/20 01:21:15 ipsec purged ISAKMP-SA 192.168.2.254[4500]<=>80.xxx.115.108[4500] spi=efb5b13b3a9c152a:5a32b3c476d9ac3d.
dec/20 01:21:15 ipsec,debug pfkey DELETE received: ESP 192.168.2.254[4500]->80.xxx.115.108[4500] spi=662371(0xa1b63)
dec/20 01:21:15 ipsec,debug pfkey DELETE received: ESP 80.xxx.115.108[4500]->192.168.2.254[4500] spi=208801044(0xc720d14)
dec/20 01:21:16 ipsec,debug ISAKMP-SA deleted 192.168.2.254[4500]-80.xxx.115.108[4500] spi:efb5b13b3a9c152a:5a32b3c476d9ac3d rekey:1
dec/20 01:21:16 ipsec,debug KA remove: 192.168.2.254[4500]->80.xxx.115.108[4500]
dec/20 01:21:17 ipsec,debug new acquire 192.168.2.254[0]<=>80.xxx.115.108[0]
dec/20 01:21:17 ipsec,debug suitable outbound SP found: 192.168.1.0/24[0] 192.168.40.0/24[0] proto=any dir=out
dec/20 01:21:17 ipsec,debug suitable inbound SP found: 192.168.40.0/24[0] 192.168.1.0/24[0] proto=any dir=in
dec/20 01:21:17 ipsec,debug IPsec-SA request for 80.xxx.115.108 queued due to no phase1 found.
dec/20 01:21:17 ipsec,debug initiate new phase 1 negotiation: 192.168.2.254[500]<=>80.xxx.115.108[500]
dec/20 01:21:17 ipsec,debug begin Identity Protection mode.
dec/20 01:21:17 ipsec,debug sent phase1 packet 192.168.2.254[500]<=>80.xxx.115.108[500] 46ec621b557aa2da:0000000000000000
dec/20 01:21:27 ipsec,debug resent phase1 packet 192.168.2.254[500]<=>80.xxx.115.108[500] 46ec621b557aa2da:0000000000000000
dec/20 01:21:37 ipsec,debug resent phase1 packet 192.168.2.254[500]<=>80.xxx.115.108[500] 46ec621b557aa2da:0000000000000000
dec/20 01:21:46 system,info,account user dima logged in from 192.168.1.75 via web
dec/20 01:21:46 system,info,account user dima logged in via local
dec/20 01:21:47 ipsec,debug resent phase1 packet 192.168.2.254[500]<=>80.xxx.115.108[500] 46ec621b557aa2da:0000000000000000
dec/20 01:21:48 ipsec,debug 80.xxx.115.108 phase2 negotiation failed due to time up waiting for phase1. ESP 80.xxx.115.108[0]->192.168.2.254[0]
dec/20 01:21:48 ipsec,debug delete phase 2 handler.
dec/20 01:21:50 ipsec,debug new acquire 192.168.2.254[0]<=>80.xxx.115.108[0]
dec/20 01:21:50 ipsec,debug suitable outbound SP found: 192.168.1.0/24[0] 192.168.40.0/24[0] proto=any dir=out
dec/20 01:21:50 ipsec,debug suitable inbound SP found: 192.168.40.0/24[0] 192.168.1.0/24[0] proto=any dir=in
dec/20 01:21:50 ipsec,debug 80.xxx.115.108 request for establishing IPsec-SA was queued due to no phase1 found.

Mikrotik 2 6.37.3 (stable)

/ip address print
Flags: X - disabled, I - invalid, D - dynamic
# ADDRESS NETWORK INTERFACE
0 ;;; defconf
192.168.40.1/24 192.168.40.0 bridge
1 192.168.41.254/24 192.168.41.0 ether1

/ip ipsec policy print
Flags: T - template, X - disabled, D - dynamic, I - inactive, * - default
0 T * group=default src-address=::/0 dst-address=::/0 protocol=all
proposal=default template=yes

1 D src-address=192.168.40.0/24 src-port=any dst-address=192.168.30.0/24
dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=192.168.41.254
sa-dst-address=188.xxx.194.106 priority=2

2 D src-address=192.168.40.0/24 src-port=any dst-address=192.168.1.0/24
dst-port=any protocol=all action=encrypt level=require
ipsec-protocols=esp tunnel=yes sa-src-address=192.168.41.254
sa-dst-address=188.xxx.169.232 priority=2

/ip ipsec peer print
Flags: X - disabled, D - dynamic
0 address=0.0.0.0/0 local-address=0.0.0.0 passive=yes port=500
auth-method=pre-shared-key secret="grskrm126"
generate-policy=port-override policy-template-group=default
exchange-mode=main-l2tp send-initial-contact=yes nat-traversal=yes
hash-algorithm=sha1 enc-algorithm=aes-128,3des dh-group=modp1024
lifetime=1d dpd-interval=30s dpd-maximum-failures=1

/ip firewall nat print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=srcnat action=accept dst-address=192.168.1.0/24 log=no
log-prefix=""

1 chain=srcnat action=accept dst-address=192.168.30.0/24 log=no
log-prefix=""

2 ;;; defconf: masquerade
chain=srcnat action=masquerade out-interface=ether1 log=no
log-prefix=""

/ip route print
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
# DST-ADDRESS PREF-SRC GATEWAY DISTANCE
0 A S 0.0.0.0/0 192.168.41.1 1
1 ADC 192.168.40.0/24 192.168.40.1 bridge 0
2 ADC 192.168.41.0/24 192.168.41.254 ether1 0
3 X S 192.168.50.0/24 ether1 1


/ip firewall filter print
Flags: X - disabled, I - invalid, D - dynamic
0 D ;;; special dummy rule to show fasttrack counters
chain=forward action=passthrough

1 chain=output action=accept log=no log-prefix=""

2 ;;; allow forward for local adresses
chain=forward action=accept src-address-list=local_adresses log=no
log-prefix=""

3 chain=input action=accept log=no log-prefix=""

4 chain=forward action=accept log=no log-prefix=""

5 ;;; allow local adresses
chain=input action=accept src-address-list=local_adresses log=no
log-prefix=""

6 chain=input action=accept protocol=ipsec-esp log=no log-prefix=""

7 chain=input action=accept protocol=udp dst-port=500 log=no log-prefix=""

8 chain=input action=accept protocol=udp dst-port=4500 log=no log-prefix=">
9 chain=forward action=accept protocol=udp src-port=4500 log=no
log-prefix=""

10 chain=input action=accept protocol=udp src-port=1701 log=no log-prefix=">

11 ;;; defconf: accept ICMP
chain=input action=accept protocol=icmp log=no log-prefix=""

12 ;;; defconf: accept established,related
chain=input action=accept connection-state=established,related log=no
log-prefix=""

13 ;;; defconf: accept established,related
chain=forward action=accept connection-state=established,related log=no
log-prefix=""

14 XI ;;; defconf: drop all from WAN
chain=input action=drop in-interface=ether1 log=no log-prefix=""

15 XI ;;; defconf: fasttrack
chain=forward action=fasttrack-connection
connection-state=established,related log=no log-prefix=""

16 XI ;;; defconf: drop invalid
chain=forward action=drop connection-state=invalid log=no log-prefix=""

17 XI ;;; defconf: drop all from WAN not DSTNATed
chain=forward action=drop connection-state=new
connection-nat-state=!dstnat in-interface=ether1 log=no log-prefix=""

dec/20 01:20:44 ipsec,debug received Vendor ID: RFC 3947
dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-08

dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-07

dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-06

dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-05

dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-04

dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-03

dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-02

dec/20 01:20:44 ipsec,debug
dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-01

dec/20 01:20:44 ipsec,debug received Vendor ID: draft-ietf-ipsec-nat-t-ike-00

dec/20 01:20:44 ipsec,debug received Vendor ID: CISCO-UNITY
dec/20 01:20:44 ipsec,debug received Vendor ID: DPD
dec/20 01:20:44 ipsec,debug 188.xxx.169.232 Selected NAT-T version: RFC 3947
dec/20 01:20:44 ipsec,debug sent phase1 packet 192.168.41.254[500]<=>188.162.
169.232[500] efb5b13b3a9c152a:5a32b3c476d9ac3d
dec/20 01:20:44 ipsec,debug 192.168.41.254 Hashing 192.168.41.254[500] with a
lgo #2
dec/20 01:20:44 ipsec,debug NAT-D payload #0 doesn't match
dec/20 01:20:44 ipsec,debug 188.xxx.169.232 Hashing 188.xxx.169.232[500] with
algo #2
dec/20 01:20:44 ipsec,debug NAT-D payload #1 doesn't match
dec/20 01:20:44 ipsec,debug NAT detected: ME PEER
dec/20 01:20:44 ipsec,debug 188.xxx.169.232 Hashing 188.xxx.169.232[500] with
algo #2
dec/20 01:20:44 ipsec,debug 192.168.41.254 Hashing 192.168.41.254[500] with a
lgo #2
dec/20 01:20:44 ipsec,debug Adding remote and local NAT-D payloads.
dec/20 01:20:44 ipsec,debug sent phase1 packet 192.168.41.254[500]<=>188.162.
169.232[500] efb5b13b3a9c152a:5a32b3c476d9ac3d
dec/20 01:20:44 ipsec,debug NAT-T: ports changed to: 188.xxx.169.232[4500]<=>
192.168.41.254[4500]
dec/20 01:20:44 ipsec,debug KA found: 192.168.41.254[4500]->188.xxx.169.232[4
500] (in_use=2)
dec/20 01:20:44 ipsec,debug ISAKMP-SA established 192.168.41.254[4500]-188.16
2.169.232[4500] spi:efb5b13b3a9c152a:5a32b3c476d9ac3d
dec/20 01:20:45 ipsec,debug respond new phase 2 negotiation: 192.168.41.254[4
500]<=>188.xxx.169.232[4500]
dec/20 01:20:45 ipsec,debug Update the generated policy : 192.168.1.0/24[0] 1
92.168.40.0/24[0] proto=any dir=in
dec/20 01:20:45 ipsec,debug Adjusting my encmode UDP-Tunnel->Tunnel
dec/20 01:20:45 ipsec,debug Adjusting peer's encmode UDP-Tunnel(3)->Tunnel(1)

dec/20 01:20:45 ipsec,debug pfkey GETSPI succeeded: ESP/Tunnel 188.162.169.23
2[4500]->192.168.41.254[4500] spi=662371(0xa1b63)
dec/20 01:20:45 ipsec,debug sent phase2 packet 192.168.41.254[4500]<=>188.162
.169.232[4500] efb5b13b3a9c152a:5a32b3c476d9ac3d:fb383998
dec/20 01:21:15 ipsec,debug 188.xxx.169.232 DPD: remote (ISAKMP-SA 192.168.41
.254[4500]<=>188.xxx.169.232[4500] spi=efb5b13b3a9c152a:5a32b3c476d9ac3d) see
ms to be dead.
dec/20 01:21:15 ipsec,debug purging ISAKMP-SA 192.168.41.254[4500]<=>188.162.
169.232[4500] spi=efb5b13b3a9c152a:5a32b3c476d9ac3d.

dec/20 01:21:15 ipsec,debug keeping IPsec-SA spi=208801044 - found valid ISAK
MP-SA spi=9377272138298b80:675887a9bd417e1e.
dec/20 01:21:15 ipsec,debug keeping IPsec-SA spi=662371 - found valid ISAKMP-
SA spi=9377272138298b80:675887a9bd417e1e.
dec/20 01:21:16 ipsec,debug ISAKMP-SA deleted 192.168.41.254[4500]-188.162.16
9.232[4500] spi:efb5b13b3a9c152a:5a32b3c476d9ac3d rekey:1
dec/20 01:21:16 ipsec,debug KA remove: 192.168.41.254[4500]->188.xxx.169.232[
4500]
 
dipsy
just joined
Topic Author
Posts: 7
Joined: Mon Dec 19, 2016 11:55 pm

Re: ipsec unstable

Tue Dec 20, 2016 12:20 pm

Today I setup my 3rd mikrotik 192.168.20.0/24 on other site. It succesfully work with ipsec tunnel 192.168.40.0/24, rdp also works great.
But, on 192.168.1.0/24 ipsec breaks when I connect from any PC to RDP server at 192.168.40.0/24 (but ping work normal, web access to mikrotik 192.168.40.1 works as normal from 192.168.1.0/24)
I change mtu on Mikrotik 1 ether1 (wan) to 1400 and create mangle rule for mss 1360 bytes, but no result, ipsec breaks when I try to connect to rdp server. I cant understand what to do.
 
dipsy
just joined
Topic Author
Posts: 7
Joined: Mon Dec 19, 2016 11:55 pm

Re: ipsec unstable

Thu Dec 22, 2016 8:00 pm

in continue of active talks of my problem I want to say that I win in this battle but only in one configuration.
I download recent mikrotik firmware RC and try to use ikev2. Server Nat-T enabled, client Nat-t disable (both devices behind the nat modems) and it works.
Though server side generate many peers in some situation.
I think before that both sides MUST use Nat-T enabled to work together. Any thoughts?
Approve, same config with @main mode don't works.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10195
Joined: Mon Jun 08, 2015 12:09 pm

Re: ipsec unstable

Thu Dec 22, 2016 8:04 pm

I would not even try to have the central server behind NAT... only for the clients.
But apparently with IKEv2 it is all better.
 
dipsy
just joined
Topic Author
Posts: 7
Joined: Mon Dec 19, 2016 11:55 pm

Re: ipsec unstable

Thu Dec 22, 2016 8:35 pm

In ikev2 both sides behind static nat only! (others devices works with "dynamic nat - static nat" with main mode l2tp - succesfully)
 
dipsy
just joined
Topic Author
Posts: 7
Joined: Mon Dec 19, 2016 11:55 pm

Re: ipsec unstable

Fri Dec 23, 2016 9:12 am

Router OS set option to NAT-T enabled without any my actions, automatically! Why? Without this option my ipsec/esp works normal. With this option - not. Its nightmare.
p.s. router os 6.38rc52
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ipsec unstable

Fri Dec 23, 2016 1:38 pm

In v6.38 nat-t is enabled by default because many client devices require it, if NAT-T is not needed for some reason it can be disabled.
 
mikruser
Long time Member
Long time Member
Posts: 578
Joined: Wed Jan 16, 2013 6:28 pm

Re: ipsec unstable

Fri Dec 23, 2016 2:40 pm

In v6.38 nat-t is enabled by default because many client devices require it
lol wat???
facepalm.jpg
 
User avatar
mrz
MikroTik Support
MikroTik Support
Posts: 7042
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia
Contact:

Re: ipsec unstable

Tue Dec 27, 2016 1:26 pm

About original problem, please generate supout files after tunnel goes down and send then to support.
 
User avatar
zipvault
Member Candidate
Member Candidate
Posts: 140
Joined: Fri Dec 23, 2016 8:15 am

Re: ipsec unstable

Fri Dec 30, 2016 7:25 am

About original problem, please generate supout files after tunnel goes down and send then to support.

where do i send supout for support

support@mikrotik.com ?

can mikrotik distributors/certified trainers be trusted, eg one certified distributor is offering to help if i send supout, he seems very helpful

but another one went to help me the other week i noticed had sent me a weird link to a his own version of winbox
because as i extracted his winbox version link he sent i could see had some strange alias folders with his name inside the winbox contents package, and index files resources and some ips
seems to be strange to me here screenshot attached? maybe looks like login information for other users?

[img]
Screen%20Shot%202016-12-30%20.jpg
[/img]

i read something somewhere about a 30 day free support with any new system?
You do not have the required permissions to view the files attached to this post.
 
User avatar
zipvault
Member Candidate
Member Candidate
Posts: 140
Joined: Fri Dec 23, 2016 8:15 am

Re: ipsec unstable

Fri Dec 30, 2016 3:01 pm

anyone see the above post???


@normis i see your folder name in there also?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: ipsec unstable

Fri Dec 30, 2016 3:25 pm

That is nothing strange, just how Wine works. It is only an alias to a non existing folder.

Who is online

Users browsing this forum: Amazon [Bot], Bing [Bot], friend2809, Laxity, loloski, mkx, qatar2022 and 73 guests