Community discussions

MikroTik App
 
User avatar
xpkiller
just joined
Topic Author
Posts: 19
Joined: Wed Feb 29, 2012 7:20 pm
Location: Hungary, Budapest
Contact:

ONE Ipsec VPN restart

Sat Mar 24, 2012 7:19 pm

Hi,

I am new here but not in IT professional.
So, we have a lot of mt1100ah and we have a lot of ipsec vpn.
Sometimes I have seen vpn is establised but I can not send packet through tunnel. I would like to restart this connection but this feature is not supported just each ipsec tunnel.
I can not restart each at all error because other partners connected to us permanent TCP and if I restart each connection then it will be lost. (for eg. ATM)(we are bankcard processor)
What can I take?
br,
Peter
 
User avatar
xpkiller
just joined
Topic Author
Posts: 19
Joined: Wed Feb 29, 2012 7:20 pm
Location: Hungary, Budapest
Contact:

Re: ONE Ipsec VPN restart

Tue Mar 27, 2012 10:50 pm

I written to support and they have sent answers.
They said I can not restart one ipsec tunnel now but they will put this function to a future OS version.

I am waiting it very!
 
leonset
Member Candidate
Member Candidate
Posts: 256
Joined: Wed Apr 01, 2009 9:09 pm

Re: ONE Ipsec VPN restart

Thu Mar 29, 2012 10:35 am

Hi,

I'm having a similar problem and I have narrowed down the problem to my DSL router's stopping to pass ESP packets to the mikrotik router behind it. As I have no control over them, I use this script to check connectivity and flush SA's if neccesary:

:if ([/ping REMOTE_IP_REACHABLE_BY_THE_VPN_TUNNEL interval=3 count=3]<2) do={
:log warning "IPSec KO, flushing SAs"
/ip ipsec installed-sa flush sa-type=all
} else={
:log info "IPSec OK"
}

I run it every 33 seconds.
Hope it helps!
 
User avatar
xpkiller
just joined
Topic Author
Posts: 19
Joined: Wed Feb 29, 2012 7:20 pm
Location: Hungary, Budapest
Contact:

Re: ONE Ipsec VPN restart

Fri Apr 06, 2012 12:05 am

Yes, but this is the problem:
/ip ipsec installed-sa flush sa-type=all
that I have written I can not flush all SA because I have a lot of ipsec VPN and all tunnel under using and if I flush all SA then all TCP opened session will be lost.
Therefore I am waiting this feature. (that I can restart one ipsec tunnel)
 
User avatar
xpkiller
just joined
Topic Author
Posts: 19
Joined: Wed Feb 29, 2012 7:20 pm
Location: Hungary, Budapest
Contact:

Re: ONE Ipsec VPN restart

Thu May 10, 2012 12:54 am

New problem is that if I change or add a new ipsec/vpn peer then all established vpn is disconnected until I flush all SA :(

Who is online

Users browsing this forum: No registered users and 16 guests