Hi,
I don't know if this is a bug or the way it is supposed to work (I'm still new to MikroTik) but after L2TP/IPsec client disconnects, the dynamic IPsec policy is not deleted by the router. It remains present in the Policies list and cannot be deleted even manually. The only way to clean the list is to reboot the router. Is this normal?
Thank you.
Best regards
Re: [6.10] Dynamic IPsec policies not deleted after disconne
I'm actually seeing this behavior also.... seems to be new to 6.10. You can go flush the connections and it clears them out.Hi,
I don't know if this is a bug or the way it is supposed to work (I'm still new to MikroTik) but after L2TP/IPsec client disconnects, the dynamic IPsec policy is not deleted by the router. It remains present in the Policies list and cannot be deleted even manually. The only way to clean the list is to reboot the router. Is this normal?
Thank you.
Best regards
Re: [6.10] Dynamic IPsec policies not deleted after disconne
Yes, flushing the connections works but only when the connections are still active. When the client disconnects, the connections are gone but the policies are still there.
Re: [6.10] Dynamic IPsec policies not deleted after disconne
Flush the SAS. That got rid of them for me.
Sent from my SCH-I545 using Tapatalk
Sent from my SCH-I545 using Tapatalk
Re: [6.10] Dynamic IPsec policies not deleted after disconne
Hmm, if flushing the SAs gets rid of the policies then is it possible that the issue has something to do with the "Lifetime" setting in Peer (Phase 1)? Mine is set to 1 day.
Re: [6.10] Dynamic IPsec policies not deleted after disconne
I realize this is an old thread but I ran across it today on a 6.7 router. Does anyone know if the fact that these dynamic policies are not being removed automatically is a bug or a feature? Having to manually flush SAs to clear them out (or reboot the router) isn't really a great option.
Assuming it's a bug - has it been fixed yet?
Assuming it's a bug - has it been fixed yet?
Re: [6.10] Dynamic IPsec policies not deleted after disconne
Hi.
I have the same trouble. I use OS v6.19. Are there a solving?
I have the same trouble. I use OS v6.19. Are there a solving?
Re: [6.10] Dynamic IPsec policies not deleted after disconnect
Hi.
I have the same trouble. Are there a solving? I use OS 6.25
Thank you.
Best regards
I have the same trouble. Are there a solving? I use OS 6.25
Thank you.
Best regards
Re: [6.10] Dynamic IPsec policies not deleted after disconnect
Same issue here, the dynamic policy is created (as it should) from setting the l2tp server to use-ipsec and assigning a pre-shared key. however once the client disconnects from the l2tp/ipsec tunnel, the dynamic plolicy should be removed (and if the user re-connects from the same source IP, then it should again be recreated).
the issue is that the dynamic policy is not removed, and then there is no way to manually remove it (it gives error, can not remove dynamically created policy). If another l2tp (non ipsec) device needs to connect on udp 1701 udp, then they cannot until the prior rule is removed (which there is no way to do so).
should be a somewhat simple bug fix for mikrotik.
thanks
EDIT: CORRECTION, you can "flush" any dynamically created policies by going to "installed SAs" and clicking flush then choose ALL. I still think some kinda of idel timer should be set on dynamically created ipsec policys
the issue is that the dynamic policy is not removed, and then there is no way to manually remove it (it gives error, can not remove dynamically created policy). If another l2tp (non ipsec) device needs to connect on udp 1701 udp, then they cannot until the prior rule is removed (which there is no way to do so).
should be a somewhat simple bug fix for mikrotik.
thanks
EDIT: CORRECTION, you can "flush" any dynamically created policies by going to "installed SAs" and clicking flush then choose ALL. I still think some kinda of idel timer should be set on dynamically created ipsec policys