Hi all,
I have 2 x RB3011s running v6.45.7 (inc firmware) that are exhibiting the same behavior after creating L2TP IPSec tunnels and I believe that IPSec hardware encryption might have something to do with it. When I configure L2TP back to head office (used by RB2011s + others for the same purpose) the tunnel works fine. As soon as I enable IPSec on the L2TP connection with our pre-shared key, the RB3011 thinks for a few seconds, sends a couple of screen updates to winbox, then reboots itself. In the log after reboot are the messages 'system, error, critical: kernel failure in previous boot' and 'router was rebooted without proper shutdown'.
Now I see that IPSec hardware encryption was enabled for the RB3011 in v6.43.1. I can't see many others talking about this specific issue since then. I believe the issue is due to hardware encryption because if I manually configure the peer & proposal at both ends and set the proposal to use SHA512, the tunnel + IPSec work fine. SHA512 is not supported by hardware encryption according to the documentation, so I assume it is falling back to software encryption.
I don't have a broken config to export at the moment - it's working right now and I need it to work. However, I can replicate this in the lab next week if required.
Is this a common/known issue that I just haven't found discussion on? Or is this more likely a config issue on my part?