Community discussions

MUM Europe 2020
 
dnordenberg
newbie
Topic Author
Posts: 31
Joined: Wed Feb 24, 2016 8:00 pm

IPsec lockup, DPD not working?

Mon Dec 30, 2019 11:03 am

Hello!
I have some IPsec tunnels that sometimes seems to get stuck in a locked up state where no data is passed through them. I can not see any real reason, they just randomly decide to stop passing data for a period.
I do have DPD configured but it does not seem to trigger on this for some reason.
From what I can see in my monitoring the tunnel went down 16:21 and up again 16:49. The 1 hour lifetime seems to be what makes the tunnel work again, it is always down under an hour.
I do think this is somehow routeros related because I have other strongswan based devices going against the same Cisco ASA with same config in remote end and they do not act like this, only my mikrotiks do. Tried routeros latest 6.44, 6.45 and now on 6.46.1 with same problem so it does not seem to be a recent issue.
Any tips?

Nothing special in the log:
ipsec2.PNG
Peer settings:
ipsec.PNG
You do not have the required permissions to view the files attached to this post.
 
Znevna
Frequent Visitor
Frequent Visitor
Posts: 70
Joined: Mon Sep 23, 2019 1:04 pm

Re: IPsec lockup, DPD not working?

Mon Dec 30, 2019 12:05 pm

What client? I didn't experience such a thing with StrongSwan. Except that my battery was almost dead overnight because of the 20s keep-alives.
PS: clients log might be useful too.
LE: nevermind. routeros IS the client. skip this post. too early for me.
 
dnordenberg
newbie
Topic Author
Posts: 31
Joined: Wed Feb 24, 2016 8:00 pm

Re: IPsec lockup, DPD not working?

Thu Jan 02, 2020 8:51 am

LE: nevermind. routeros IS the client. skip this post. too early for me.
Exactly :) No problem, thanks for trying to help anyway :)

Anyone else have any idea? I don't know where to start looking :(

Who is online

Users browsing this forum: Bing [Bot], Google [Bot] and 165 guests