Community discussions

MikroTik App
 
mjmabs
just joined
Topic Author
Posts: 17
Joined: Tue Feb 12, 2013 11:54 pm

IPsec between CCR v7.6 and SonicOS x7 timeout

Tue Dec 20, 2022 10:18 pm

Have been able to successfully create an IPsec tunnel between a Mikrotik CCR1009 running v7.6 and a Sonicwall NSV270 running SonicOS7. The only odd issue still happening is a daily timeout of the IPsec tunnel. If you go under Active Peers it shows the tunnel connected but numeric values are not changing, traditional network test of ping, traceroute, ssh show failed response. On Sonicwall Side it show IPsec tunnel dropped but no errors reported. Other IPsec tunnels seem to be stable but those are all Mikrotik to Mikrotik connections.

To correct issue, I go back into "Active Peers" and highlight the peer and kill the connection it starts a reconnect and everything works again. Next day tunnel is in timeout state.

Tried messing with IPsec Profile > DPD but anything other than "disable DPD" and tunnel won't connect. Proposal check is set to "obey" with Lifetime set to 1d 00:00:00
Under IPsec Proposal > Lifetime is set to 00:30:00

Any Ideas?
 
pietvwakpm
just joined
Posts: 4
Joined: Thu Aug 11, 2022 10:14 pm

Re: IPsec between CCR v7.6 and SonicOS x7 timeout

Wed Feb 15, 2023 11:41 pm

I haven't run across this issue yet.

I have my DPD Interval set at 120, Lifetime set at 08:00:00 (Same as in IPsec Proposal).
I would be interested in knowing why your tunnel doesn't work with DPD on.

I will mention that I'm doing IKEv1 PSK. (Unfortunately, RouterOS 7.7 BREAKS the VPN connection by not allowing "remote id" in IPsec Identity.

- Piet

Who is online

Users browsing this forum: arm920t, ccrsxx and 50 guests