Page 1 of 1
BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 8:45 am
by ATROX
There are several tunnels IPsec. Regardless of time and without changing any settings tunnels stop working.
In the settings you can see that the key exchange in one direction occurs, but the traffic flow is not (IP->IPsec->Installed SAs->some key->Current Bytes=0).
After several reboots tunnel restored. After spending some time again stops working.
Fix please!
Remote office work impossible. Business idle incur losses
RouterOS - v6.15/6.14
HW - CCR1036-12G-4S, RB2011UiAS, RB951G-2HnD, RB2011UiAS-2HnD
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 9:00 am
by ATROX
I updated every 6.15.
6.15 between the same problem.
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 9:35 am
by jarda
Duplicate topic? Have you sent message to support?
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 9:56 am
by ATROX
Duplicate topic? Have you sent message to support?
Sute on a separate issue. I really left the same message in another topic. But it is to discuss the new version. Yes, I sent a message to support.
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 1:31 pm
by semakka
set a ping script like
/ping <remote private IP> src-address=<local private IP> count=10
and run it every 5 minutes or so...
I've had the same issue when there was no traffic through the tunnels and that sorted it
cheers
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 1:50 pm
by ATROX
set a ping script like
/ping <remote private IP> src-address=<local private IP> count=10
and run it every 5 minutes or so...
I've had the same issue when there was no traffic through the tunnels and that sorted it
cheers
Thank you. But this is not the solution. Tunnel should work without this script. If the tunnel is too much is not the solution ...
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 1:54 pm
by semakka
you'll be surprised... I've seen IPsec tunnels behaving the same even with cisco gear...
it might not be "the solution" but it can be "a solution"
cheers
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 1:57 pm
by onnoossendrijver
Well, this is by 'design' and not a bug. You should explicitly take precautions to keep the tunnel up. On Juniper and Cisco you need to do the same thing.
An IPSEC tunnel only stays up when there is traffic.
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 2:08 pm
by ATROX
Well, this is by 'design' and not a bug. You should explicitly take precautions to keep the tunnel up. On Juniper and Cisco you need to do the same thing.
An IPSEC tunnel only stays up when there is traffic.
Yes, IPsec tunnel stays down if there is no traffic. But he must stays up if traffic starts. And sometimes it does not. That's what I wrote in my problem.
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 4:05 pm
by jarda
So my problem is different. I have the traffic (netwatch) and the tunnel was down for two days with no evident reason. Suddenly it went up.
Re: BUG was found. IPsec works not stable
Posted: Wed Jun 25, 2014 4:57 pm
by mrz
What was the ticket number?
Re: BUG was found. IPsec works not stable
Posted: Thu Jun 26, 2014 8:09 am
by ATROX
What was the ticket number?
Ticket#2014062566000221
Re: BUG was found. IPsec works not stable
Posted: Mon Jul 07, 2014 9:31 am
by ATROX
Error repeated exactly. Sending log files. The tunnel not up.
Fix please!