I have five locations each connected with a Mikrotik 750G router. Works great ... except the static VPN IPSec tunnels between locations.
The tunnels work ... the example page in the manual was a great help. However, the tunnels go down randomly and I must log in, do a "ping
There seems to be no rhyme nor reason to when the tunnels go down, and why several pings are needed to bring up the tunnel. Many times I just get "Packet rejected" and the tunnel doesn't get built.
An example policy:
Code:
/ip ipsec policy print
 0 src-address=192.168.10.0/24:any dst-address=192.168.0.0/24:any protocol=all
   action=encrypt level=require ipsec-protocols=esp tunnel=yes
   sa-src-address=[real ip of local router wan]
   sa-dst-address=[real ip of remote router wan]
   proposal=default priority=0
Code:
/ip ipsec peer print
 0 address=[remote real ip]/32:500 auth-method=pre-shared-key secret="********"
   generate-policy=no exchange-mode=aggressive send-initial-contact=yes
   nat-traversal=no proposal-check=obey hash-algorithm=md5 enc-algorithm=3des
   dh-group=modp1024 lifetime=1d lifebytes=0 dpd-interval=disable-dpd
   dpd-maximum-failures=1
Code:
/ip ipsec proposal> print
 0 name="default" auth-algorithms=md5 enc-algorithms=3des lifetime=1h
   pfs-group=modp1024
Is this a bug or am I doing something wrong? Thanks in advance for any help!
-Andrew in Honduras