Page 1 of 1

IPsec tunnel doesn't reestablish

Posted: Tue Apr 10, 2018 3:53 pm
by passarelli
Hello everyone,
I have 3 ipsec tunnels configured, all of them was working properly until my internet link failed, 10 days ago.
When the internet link has came back 2 tunnels were reestablished and are working properly, but one didn't.
I've flush installed SAs and killed Peers connections, but didn't work.
Is there something else I could do?
Regards,

Re: IPsec tunnel doesn't reestablish

Posted: Tue Apr 10, 2018 6:00 pm
by sindy
Is there something else I could do?
Regards,
You can set the logging to log all ipsec related messages (to memory!) at both ends and read the result to find out what is actually going on.

Re: IPsec tunnel doesn't reestablish

Posted: Tue Apr 10, 2018 6:02 pm
by tippenring
/system logging
add disabled=no prefix="IPSEC: " topics=ipsec,!packet

Re: IPsec tunnel doesn't reestablish  [SOLVED]

Posted: Mon Jun 11, 2018 9:40 pm
by passarelli
Hello, sorry for delayed reply.
It is working properly now, I've entered in contact with mikrotik support and they said I was missing src-nat rule below.
/ip firewall nat add chain=srcnat action=accept src-address=Local-Public-Address dst-address=Remote-Public-Address place-before=0
Thanks for all replies.

Re: IPsec tunnel doesn't reestablish

Posted: Tue Jun 12, 2018 2:01 am
by CZFan
Hello, sorry for delayed reply.
It is working properly now, I've entered in contact with mikrotik support and they said I was missing src-nat rule below.
/ip firewall nat add chain=srcnat action=accept src-address=Local-Public-Address dst-address=Remote-Public-Address place-before=0
Thanks for all replies.

I am not sure how it was then possible for these tunnels to work before?

Also, the src at rule should be internal LAN IP's and not external public IP's