I was able to confirm that disabling fasttrack resolves the issue. I'll do some digging to try and get my fasttrack rule more focused.

Thanks for your assistance!

I've got the strangest issue. I'm having issues with one-way audio when calls are sent over an IPSEC tunnel (it works fine if not going over the tunnel). The endpoint behind the firewall cannot hear the outside call, but the person on the outside can hear the endpoint behind the firewall. It seemed ...

Hi all, I'm currently working on a project where I'm hoping to use Mikrotik routers with 4G cards. We've got a private connection with Verizon and want to be able to have routes from our datacenter to the clients behind the end-user router. The problem is that we don't control the routers between ou...

@nathan1 Hello Nathan. I've just implemented your instruction and script in simulation file in GNS3 before implement it in my real Network. I could follow it until Activating first router as : "MikroTik_HA_A_ACTIVE". After that I tried to bootstrap my 2nd router and it was just done and r...

Correct. Absolutely. Let me know when/what works for you.

The code I copied was right after running $HAInstall on RouterA. I ran the code $haInstall exported on RouterB, but it didn't appear to work. RouterB restarted, but after the restart, it never ran HA_bootstrap.rsc. I tried importing the HA_bootstrap.rsc file on RouterB manually, but it just failed d...

I'm having an odd issue with running the script on 6.44.5. The setup on the first router goes fine, but the commands to run to bootstrap router B seem incomplete which seems to cause the bootstrap to fail. Below is my output. It seems as if $HAAddressOther isn't getting populated. Any ideas on what'...

Hi all, I am trying to find a way to make RADIUS work with layer 3. We have quite a few connections coming in through a VPN connection and our provider does not pass layer 2 at all. We really need to get bandwidth quotas setup for all the users but I have yet to find a way to do this using only IP a...

Dead peer detection is disabled on mine.

What exactly is happening with your connection?

ok. i got the solution! 1) Probably all your ip's on WAN have equal mask .... that is wrong. All except one has to have /32 (assuming all of them have same gateway ip) 2.0) Firewall - NAT add rule on top (before your masquerade) src-nat dest-addr <your remote peer ip> protocol 50 action=accept 2.1)...

Perfect! I had a value for network set on the Address list as well. I had to remove that when I took the /28 subnet off or it wouldn't communicate to my gateway.

Thanks!!

I have more or less the same problem that cannot be solved at the moment ... at least by me :( Problem is in fact that MT tries to reach gateway from lowest IP number. For ex. if you have .3, .2, .1 on WAN and ipsec is made from .2 then MT is trying to push all traffic through .1 address to gateway...

My issue is that the IPsec trunk doesn't connect at all. So far it has worked to disable all the IP addresses except for the IP address that IPsec uses. As soon as they are disable it connects and then I can re-enable everything and it stays up. I can even terminate the IPsec connection and upon re-...

Should I assume this is a bug and file a bug report?

Maybe you forgot to allow UDP port 500 and/or protocol ESP/AH for input? It will work ok when a router makes the outgoing connection and traffic keeps flowing, due to the ESTABLISHED rule, but when one side is rebooted the link may be dead. There is a rule for this. I was suspecting this as well bu...

I tried adding some routes to the remote IP address with a preferred IP of the one that I want it to use. This didn't make any difference except when I disabled my IP addresses, my IPSec connection didn't come up again. I had to remove the routes, disable the IP addresses and then restart for it to ...

I am having an issue with Phase 1 of 2 IPSec connections failing on a router restart. It is showing as a Phase 1 timeout error. As soon as I disable all external IP addresses (there are 4, all in the same subnet) except for the IP being used by the IPSec connection, it works. I can re-enable these I...

I'm currently working on a project where I need a router/firewall to manage quite a few devices. The devices will be on a large LAN (similar setup to a WISP) and I will need to easily be able to authenticate them, preferably using the MAC address. I then need to control their data usage per month, a...