Azure Ipsec VPN Interrupts

djvabe · Tue Apr 23, 2024 12:53 pm

Hello!
The problem I have is that I have an s2s Ipsec VPN between Mikrotik and Azure, which is constantly breaking.
I have already tried several write-ups, looked at several forum posts, but unfortunately I could not find a solution, that is why I am writing to you now.
I see this in the log:

11:20:14 ipsec,error no policy found/generated
 11:20:14 ipsec,error no proposal chosen
 11:20:14 ipsec,error no policy found/generated
 11:20:14 ipsec,error no policy found/generated
 11:20:14 ipsec,error no policy found/generated
 11:20:14 ipsec,error no policy found/generated
 11:20:14 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no proposal chosen
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:15 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated
 11:20:16 ipsec,error no policy found/generated

This is what our Ipsec Config currently looks like:

/ip ipsec profile
add dh-group=modp1024 enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=8h \
    name=profile_Azure
/ip ipsec peer
add address="AZURE PUBLIC IP" comment=Azure exchange-mode=ike2 local-address="LOCAL PUBLIC IP" name=Azure profile=profile_Azure
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 disabled=yes
add auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc name=\
    azure
/ip ipsec identity
add generate-policy=port-override peer=Azure
/ip ipsec policy
set 0 disabled=yes
add dst-address="AZURE Local IP /22" level=unique peer=Azure proposal=azure \
    src-address="Local Mikrotik Subnet 1" tunnel=yes
add dst-address="AZURE Local IP/24" level=unique peer=Azure proposal=azure \
    src-address="Local Mikrotik Subnet 2" tunnel=yes
add dst-address="AZURE Local IP/24" level=unique peer=Azure proposal=azure \
    src-address="Local Mikrotik Subnet 3"  tunnel=yes
add dst-address="AZURE Local IP/22" level=unique peer=Azure proposal=azure \
    src-address="Local Mikrotik Subnet 4" tunnel=yes
add dst-address="AZURE Local IP/22" level=unique peer=Azure proposal=azure \
    src-address="Local Mikrotik Subnet 5" tunnel=yes

Could you possibly help me with what the error could be?

johnson73 · Tue Apr 23, 2024 7:23 pm

To solve this problem you need to see the traffic rules of your firewall. If they are not defined correctly, it can affect the overall traffic flow as well as the stability of the vpn connection.
/export file=anynameyouwish (minus router serial number, public WANIP information, keys etc.)

Azure Ipsec VPN Interrupts

Azure Ipsec VPN Interrupts

Re: Azure Ipsec VPN Interrupts

Who is online