Community discussions

MikroTik App
Topic Author
Posts: 39
Joined: Tue Sep 12, 2006 2:57 pm
Location: DE

IPSec Rekeying

Tue Jun 03, 2014 6:05 pm


I just set up a IPSec Connection between two Routerboards ROS v. 6.13
The connection works fine.

I just noticed that there seems to be something wrong with the rekeying.

As far as I understand the logic the rekeying of the phase2 should happen while
the current SAs are in the "dying" state.

To me it looks like the rekeying only happens when the old SA is hard expired and removed.
This leads to some packets of loss on each rekey.

Am I missing something or how could this be fixed?

User avatar
MikroTik Support
MikroTik Support
Posts: 6196
Joined: Wed Feb 07, 2007 12:45 pm
Location: Latvia

Re: IPSec Rekeying

Fri Jun 13, 2014 4:24 pm

Please try v6.15.
just joined
Posts: 8
Joined: Mon May 26, 2008 4:41 pm

Re: IPSec Rekeying

Tue Jun 17, 2014 9:45 pm

Exactly the same problem here, and 6.15 does not solve this.
Posts: 48
Joined: Wed Nov 16, 2011 6:03 am
Location: USA

Re: IPSec Rekeying

Wed Jun 18, 2014 6:27 pm

I wonder if this IPSEC problem could be the cause of the SIP phone problem I've been having. Random phone sets connected through a new, multi-site, all-Mikrotik IPSEC VPN to a PBX in the main office would fail to register inside of 24 hours. Manual reboot of main office router or PBX would fix for a time. So far defeating the SIP helper on the phone connections seems to have fixed the problem. Maybe this IPSEC problem hangs up the SIP helper.

An older but nearly identical configuration at a different business never had this problem. The main difference there is the firmware releases are all 6.7, where this new installation are all 6.13 or 6.15 (main office). In the old installation the SIP helper is enabled on all routers, the default.

Who is online

Users browsing this forum: infabo, joegoldman, mikeeg02 and 216 guests