Hi,

I've setup IPSec VPN on Mikrotik router. Everything works fine, so I backed up configuration and restored on same model, but different router.

Internet works just fine, but this is what I get (taken from logs):
Anyone have knows what that mean? I tried to delete everything from IP-->IPSec settings and re-create, but it's always the same error. Tried to remove firewall rules, but still the same issue.

Using latest RouterOS on 1100AHx4.

The last rule appears to be an IPv6 ipsec issue.

Are you trying to terminate the tunnel on IPv4 or IPv6?

The last rule appears to be an IPv6 ipsec issue.

Are you trying to terminate the tunnel on IPv4 or IPv6?

Hi,

What I was going to do is to create an interface, where all traffic is being routed through VPN server. VPN IPSec connection is established from Mikrotik router, so the only thing needed to do is to route all traffic through connected VPN server.

Comes out the issue was purely related to backup&restore from different device (even the same model). It has nothing to do with IPv6 (same messages appear on any other Mikrotik router when starting connection). Please note everyone - always, ALWAYS use export & import instead of backup&restore (especially when migrating from one Mikrotik to another). This is a nice guide: https://jcutrer.com/howto/networking/mi ... nd-restore (Text Config Backup). You will save yourself from many random issues. In my case it was just VPN tunnel not starting. For no reason - just not starting (without any further logs). And it was caused by backup&restore on different Mikrotik device.

--------------------------------------------------

BONUS knowledge

So once I reset router following that guide, I came to another issue with IPSec VPN. Symptoms:
1. Usually no packet loss. Rarely it's like 40%, but usually ping works just fine.
2. Randomly (not) loading websites.
3. Speed test usually slowly kicks in. It's like slowly accelerating in speedtest.net
4. Everything loads just fine (in browser), but to load any page takes like 10-15 seconds (300mbps internet), or sometimes not finish loading at all.

After spending the whole day at work I solved the issue. Thing's I've done to solve it:

1. Reduced MSS size to 1280 (anything higher caused issues) 2. Excluded VPN connection from fasttrack (in my case, "vlan_13" is the interface where all traffic is being routed through VPN): 3. IP --> IPSec --> Profiles (and your profile) --> Unchecked "NAT Traversal" checkbox.

Not sure about last point, but 2nd and 1st points were crucial to get a properly working internet connection under VPN.

Considering these symptoms, the first thing that came to my mind is too large MSS. Changing to even value of 1000 didn't fix anything. So I believe this is mostly related to fasttrack and VPN connection. Or maybe "NAT Traversal" (i did not want to continue investigating - had enough of this for today). Feel free to add this to your knowledge base.

You can close this thread as solved.