Anyone had any luck solving this or at least pin pointing the cause. I have tried tweaking my crypto settings and reverting firmware back to 6.48 LTS- but the problem persists. Or rather, it has returned. The past few weeks the VPN connection has been pretty stable and I havent had to flush the SA, ...

Yes that's correct - I am still on v6 - v6.49.7 to be precise. I only went to this version recently, previously I was on a previous stable 6.49.x so not too old. The problem has presented itself for a while, but has felt a lot worse lately. Interesting to see you have a similar issue. The symptoms ...

Hmm Interesting... can i infer from your post that you're still using ROS 6.x? I have basically the same setup - hEX as an IKEv2 client to Nord - and it was working pretty flawlessly until I upgraded the firmware from 6.49 to 7.6 the other day. Since then I have been experiencing what sounds like th...

These forums are for help on Mikrotik devices, and not forums on Third Party VPNs. If you have a legitimate question on which third party VPNs WORKS with Mikrotik etc. I would give you the time of dayl However, this is pure marketing BS for third party VPNs , and not having any part of it and recom...

No I dont like spam and everywhere else I turn some dick or site is trying to sell or push a VPN. So I consider this spam. A new poster eh. If you were someone here who had posted frequently or even a little bit, then that would be a different story. To come hear out of the blue and be suddenly ask...

Sorry do your research formally, not on my dime. Fuck me sideways, what is it with self righteous assholes on this forum? This IS research. I'm asking for OPINIONS based on USER EXPERIENCE. If you don't want to contribute, that's fine, but your self indulgent "don't waste my time" bullshi...

It's 2022... VPNs are basically mainstream now, but sadly service providers are still very focused on using custom soft clients (mobile/desktop apps) for connecting. If you're like me (and if you're reading this, I assume you are), you prefer to connect your whole house to the VPN at your router - y...

The PMTUD must work both ways, i.e. not only the client (your PC) must be able to receive the ICMP "fragmentation needed" messages from your router (which is the purpose of the action=none policy), but also the server must be able to receive it from the VPN gateway router, as the MTU bott...

Apologies for resurrecting an old thread, but I wanted to ask if anyone has had any issues with this fix/workaround suddenly no longer working? I have had my hEX router working with surfshark fairly smoothly for months, then suddenly I started having issues with pages loading which indicated MTU iss...

Then how do other non-RouterOS clients deal with it? Do they also disconnect every five seconds? I'm guessing no, otherwise VPN provider could hardly use this config. Well for starters, this issue is specific to IPSec, so any client that uses the Openvpn protocol by default wouldn't be affected. As...

I'd question whether what RouterOS does is correct. I'm not saying that it definitely isn't, but it seems wrong, or at least not expected or desired. If you have other kinds of VPN (SSTP, ...), they don't care about address changes. They take hostname when they connect, resolve it to IP address and...

shogunx can you maybe compare your script ? What about only to request that script by rb start and after dropping the line and not every 8 hours ? My script config: /ip dns static add address=180.149.228.117 name=syd-vip.surfshark.local ttl=5m type=A /system script add dont-require-permissions=no n...

surfshark have changed the way they do dns. I am having the same problem - working fine for 5 months. if you check the logs. routeros see the dns change and brings down the ipsec tunnel creates to new destination address .. then when it changes again .. loop de loop pick one ip and use that address...

I have opened a support ticket with Surfshark, they are slow but the do respond. So far they have not been very helpful though, just asking me to try different DNS servers and send them screenshots of ipleak.net. funnily enough, I worked out a similar work around as msatter suggested regarding the s...

I have run into a weird problem with my IKEv2 IPSec VPN. About a week ago I set up my hEX router as an IKEv2 client using Surfshark. There were some teething issues regarding PMTU and fasttrack which I figured out eventually, but once I got that sorted the tunnel came up and was stable and fast for ...

You need this - viewtopic.php?t=152356#p751279
and this - viewtopic.php?f=2&t=154449&p=763404#p763404

Sounds like the same problem I had. Fix for me was to modify the fasttrack rule in the forward chain of the firewall rules so that it wouldnt match ipsec packet - do this by adding "connection-mark=!ipsec" to the rule.

I got this working on a hEX router over the weekend. I mostly followed the guide from the Surfshark site (https://support.surfshark.com/hc/en-us/articles/360012906220-Mikrotik-router-tutorial-with-IKEv2 - based on the NordVPN guide from Mikrotik anyway I think), but I did find a couple of things ext...