mikemac
just joined
Topic Author
Posts: 6
Joined: Mon Dec 17, 2018 12:49 pm

IKEv2 disconnected in OSX after 8 minutes.

Fri Oct 16, 2020 8:32 pm

Hi,

I have a problem with my IKEv2 on MT 6.46.7 because it is disconnected after 8 minutes.
My configuration is:
ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=vpn_profile
ip ipsec peer add exchange-mode=ike2 local-address=public_ip name=vpn_peer passive=yes profile=vpn_profile send-initial-contact=no
ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=8h name=vpn_proposal pfs-group=none
ip pool add name=vpn_pool ranges=192.168.0.2-192.168.0.10
ip ipsec mode-config add address-pool=vpn_pool address-prefix-length=32 name=vpn_config split-include=0.0.0.0/0 static-dns=8.8.8.8 system-dns=no
ip ipsec identity add auth-method=digital-signature certificate=router generate-policy=port-strict match-by=certificate mode-config=vpn_config peer=vpn_peer remote-certificate=user1 remote-id=fqdn:user1@domain.com
ip ipsec policy set proposal=vpn_proposal template=yes action=encrypt ipsec-protocols=esp
The connection is established from Mac OS using the native built-in IKEv2 client.
Who can help me? Thanks in advance.

Mike
 
carragom
just joined
Posts: 9
Joined: Mon Feb 14, 2011 3:51 am

Re: IKEv2 disconnected in OSX after 8 minutes.

Wed Apr 07, 2021 5:03 am

Hi,

I think this Medium post has a detailed explanation of what could be the cause of your problem. I hope this helps.

https://medium.com/@kerberjg/resolving- ... 6d5795e587

Cheers.
 
heney99079
just joined
Posts: 2
Joined: Mon Sep 04, 2023 5:40 am

Re: IKEv2 disconnected in OSX after 8 minutes.

Mon Sep 04, 2023 5:45 am

I think this Medium post has a detailed explanation of what could be the cause of your problem. I hope this helps.

https://medium.com/@kerberjg/resolving- ... 6d5795e587
Thanks for sharing this post; in my case setting PFS Group for the proposal to `modp2048` fixed the issue for me – apparently, iOS/macOS tries to renew the keys requiring this PFS Group. The previous value I had was `modp1024`, and the debug logs were showing no matching proposal at the time of renewal.
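
An added example (not part of any post in this thread, and not MikroTik code): a small Python check over the first post's configuration that flags a proposal whose `pfs-group` differs from the DH group the client offers when it rekeys the Child SA. The function names are hypothetical, and the client group `modp2048` is an assumption taken from the last reply.

```python
import shlex

# The two relevant lines from the first post's configuration.
CONFIG = """\
ip ipsec profile add dh-group=modp2048 enc-algorithm=aes-256 hash-algorithm=sha256 name=vpn_profile
ip ipsec proposal add auth-algorithms=sha256 enc-algorithms=aes-256-cbc lifetime=8h name=vpn_proposal pfs-group=none
"""

def parse_proposals(config):
    """Return {name: properties} for every 'ip ipsec proposal add' line."""
    proposals = {}
    for line in config.splitlines():
        words = shlex.split(line.strip().lstrip("/"))
        if words[:4] != ["ip", "ipsec", "proposal", "add"]:
            continue
        props = dict(w.split("=", 1) for w in words[4:] if "=" in w)
        proposals[props.get("name", "")] = props
    return proposals

def audit_rekey(config, client_rekey_group):
    """Flag proposals whose pfs-group differs from the DH group the client
    offers when it rekeys the Child SA.

    The first Child SA is negotiated inside IKE_AUTH, which carries no DH
    transform (RFC 7296), so a mismatch stays hidden until the first rekey.
    """
    findings = []
    for name, props in parse_proposals(config).items():
        # RouterOS falls back to modp1024 when pfs-group is not given.
        configured = props.get("pfs-group", "modp1024")
        if configured != client_rekey_group:
            findings.append(
                f"{name}: pfs-group={configured}, client rekeys with "
                f"{client_rekey_group}; expect 'no matching proposal' at rekey"
            )
    return findings

if __name__ == "__main__":
    # Assumption from the last reply: the Apple client rekeys with modp2048.
    for finding in audit_rekey(CONFIG, "modp2048"):
        print(finding)
```
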
