hechz
just joined
Topic Author
Posts: 18
Joined: Fri Jan 23, 2015 1:36 pm

Reboot and Factory reset on bad IPSEC configuration parameters.

Tue Feb 14, 2017 10:57 pm

Since early January, when running 6.37.3 or 6.38.1, I have had several issues with IPSEC, mostly L2TP Road-Warrior profiles. The issue I have been working on is simultaneous configurations for Windows 10, iPhone, Android, and Linux clients. Whilst I muddled through various permutations of configurations that may function when all 0.0.0.0<->0.0.0.0 policies and peers are enabled, I have encountered an issue wherein the device (an RB951Ui-2HnD) completely blocks all traffic. A reset is required, and some form of manual copy and paste is required of a back-up configuration.

I do realise that this is a fairly vague report, but wanted to see if there were others that were experiencing full device failures whilst modifying IPSEC configurations.

I'll be happy to work on steps to reproduce the conditions, but have yet to find a consistent base-case; the situation always arises when modifying IPSEC configs though.
 
pe1chl
Forum Guru
Posts: 10234
Joined: Mon Jun 08, 2015 12:09 pm

Re: Reboot and Factory reset on bad IPSEC configuration parameters.

Tue Feb 14, 2017 11:33 pm

"when all 0.0.0.0<->0.0.0.0 policies and peers are enabled, I have encountered an issue, wherein the device (an RB951Ui-2HnD) completely blocks all traffic"
That is what is to be expected!
This policy means "no matter what the source and destination are, traffic is to be encrypted".
When you have no more specific policy without encryption, this will usually lock you out of the device.
When you really want to protect traffic between networks, it is much more failsafe to define a tunnel interface (IPIP, GRE, L2TP etc) with IPsec protection and then route the traffic over that tunnel using static routes or autorouting.
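
Added example, not part of the original posts: a Python check for the condition described in the reply above, a 0.0.0.0/0 to 0.0.0.0/0 encrypt policy with no more specific policy without encryption for management traffic. The export lines, the management subnet and the router address are constructed samples, and the code assumes one policy per `add` line.

```python
import ipaddress
import shlex

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed samples in the style of an "/ip ipsec policy" export (one policy per line).
CATCH_ALL_ONLY = """/ip ipsec policy
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=encrypt tunnel=yes
"""
WITH_BYPASS = """/ip ipsec policy
add src-address=192.168.88.0/24 dst-address=192.168.88.0/24 action=none
add src-address=0.0.0.0/0 dst-address=0.0.0.0/0 action=encrypt tunnel=yes
"""

def parse_policies(export_text):
    """Turn each 'add key=value ...' line into src/dst networks plus the action."""
    policies = []
    for line in export_text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        kv = dict(tok.split("=", 1) for tok in shlex.split(line[4:]) if "=" in tok)
        policies.append({
            "src": ipaddress.ip_network(kv.get("src-address", "0.0.0.0/0"), strict=False),
            "dst": ipaddress.ip_network(kv.get("dst-address", "0.0.0.0/0"), strict=False),
            # Assumption: a line without an explicit action is an encrypt policy.
            "action": kv.get("action", "encrypt"),
        })
    return policies

def lockout_risks(policies, mgmt_net, router_ip):
    """Catch-all encrypt policies with no narrower action=none policy for management traffic."""
    mgmt = ipaddress.ip_network(mgmt_net)
    router = ipaddress.ip_network(router_ip)  # a bare address becomes a /32

    def exempts(p):
        if p["action"] != "none" or (p["src"], p["dst"]) == (ANY, ANY):
            return False
        # Either orientation is accepted; policy ordering is not checked here.
        return ((mgmt.subnet_of(p["src"]) and router.subnet_of(p["dst"])) or
                (router.subnet_of(p["src"]) and mgmt.subnet_of(p["dst"])))

    if any(exempts(p) for p in policies):
        return []
    return [p for p in policies
            if p["action"] == "encrypt" and p["src"] == ANY and p["dst"] == ANY]

if __name__ == "__main__":
    for name, text in (("catch-all only", CATCH_ALL_ONLY), ("with bypass", WITH_BYPASS)):
        hits = lockout_risks(parse_policies(text), "192.168.88.0/24", "192.168.88.1")
        print(name, "->", len(hits), "catch-all encrypt policy(ies) without a bypass")
```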
 
hechz
just joined
Topic Author
Posts: 18
Joined: Fri Jan 23, 2015 1:36 pm

Re: Reboot and Factory reset on bad IPSEC configuration parameters.

Thu Feb 16, 2017 3:05 pm

That's pretty strange as I have this up, and had it working, following the procedure at http://www.nasa-security.net/mikrotik/m ... ith-ipsec/, and it's been working away without issue.
 
pe1chl
Forum Guru
Posts: 10234
Joined: Mon Jun 08, 2015 12:09 pm

Re: Reboot and Factory reset on bad IPSEC configuration parameters.

Thu Feb 16, 2017 4:23 pm

Then why do you report a problem?
 
hechz
just joined
Topic Author
Posts: 18
Joined: Fri Jan 23, 2015 1:36 pm

Re: Reboot and Factory reset on bad IPSEC configuration parameters.

Fri Feb 17, 2017 12:35 am

Because the router fully rebooting back to factory default when you change the hashing algorithm on an IPSEC configuration seems to be a pretty unintended behaviour.
 
pe1chl
Forum Guru
Posts: 10234
Joined: Mon Jun 08, 2015 12:09 pm

Re: Reboot and Factory reset on bad IPSEC configuration parameters.

Fri Feb 17, 2017 11:19 am

Sorry but your report is misleading. And at best it is very incomplete.
Post your config file or get in contact with support sending a supout.rif file.
