jrbr
just joined
Topic Author
Posts: 2
Joined: Sat Feb 05, 2022 10:00 pm

IPsec doesn't come up after reboot

Wed Mar 16, 2022 11:34 pm

I'm having some trouble with IPsec. Both devices run v7.1.3 and use RSA keys for auth (generated on the devices). DPD is set to 1 minute.

The tunnel comes up fine (shows an active peer, SAs show up and traffic passes across the tunnel). However, after a reboot of one of the devices, the tunnel doesn't come up anymore.

Logs on the initiator show 'phase1 negotiation failed' and it keeps trying to initiate connections. Logs on the responder show 'phase1 negotiation failed due to time up' and responses to new phase 1 connections.

Using PSK or PSK with xauth seems to survive reboots; however, it looks like RSA authentication only works after setting up new keys, and then fails again when a device reboots.

I'm not quite sure what might be causing this. It's almost as if the key pair on the rebooted device becomes unusable after a reboot.

Does anyone perhaps have some insights on what might be causing this?
