The problem I have is that I have an s2s IPsec VPN between MikroTik and Azure, which is constantly breaking.
I have already tried several write-ups and looked at several forum posts, but unfortunately I could not find a solution, which is why I am writing to you now.
I see this in the log:
Code:
11:20:14 ipsec,error no policy found/generated
11:20:14 ipsec,error no proposal chosen
11:20:14 ipsec,error no policy found/generated
11:20:14 ipsec,error no policy found/generated
11:20:14 ipsec,error no policy found/generated
11:20:14 ipsec,error no policy found/generated
11:20:14 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no proposal chosen
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:15 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
11:20:16 ipsec,error no policy found/generated
Code:
/ip ipsec profile
add dh-group=modp1024 enc-algorithm=aes-256 hash-algorithm=sha256 lifetime=8h \
name=profile_Azure
/ip ipsec peer
add address="AZURE PUBLIC IP" comment=Azure exchange-mode=ike2 local-address="LOCAL PUBLIC IP" name=Azure profile=profile_Azure
/ip ipsec proposal
set [ find default=yes ] auth-algorithms=sha256,sha1 disabled=yes
add auth-algorithms=sha256,sha1 enc-algorithms=aes-256-cbc,aes-128-cbc name=\
azure
/ip ipsec identity
add generate-policy=port-override peer=Azure
/ip ipsec policy
set 0 disabled=yes
add dst-address="AZURE Local IP /22" level=unique peer=Azure proposal=azure \
src-address="Local Mikrotik Subnet 1" tunnel=yes
add dst-address="AZURE Local IP/24" level=unique peer=Azure proposal=azure \
src-address="Local Mikrotik Subnet 2" tunnel=yes
add dst-address="AZURE Local IP/24" level=unique peer=Azure proposal=azure \
src-address="Local Mikrotik Subnet 3" tunnel=yes
add dst-address="AZURE Local IP/22" level=unique peer=Azure proposal=azure \
src-address="Local Mikrotik Subnet 4" tunnel=yes
add dst-address="AZURE Local IP/22" level=unique peer=Azure proposal=azure \
src-address="Local Mikrotik Subnet 5" tunnel=yes